Remote access to a server is something practically every administrator needs. Remote access to the Internet and the local network will not go amiss either.

An American, born in Berkeley

We all love to enjoy the benefits of the Internet. Some turn to the information resources of the global network because of the nature of their work, others cannot live without e-mail and topical chats, and for still others it is a way to promote their business and find new business partners. All of them have an idea of what the Internet is, yet, I am more than sure, none of them stops to think about what keeps such a powerful system running. The point is that thousands upon thousands of servers around the world run under a particular operating system, and it turns out that more than half of all machines on the global network owe their reliability and trouble-free operation to the network operating system FreeBSD, which was developed almost three decades ago at the American university in Berkeley. Over the years it has earned a reputation as a reliable and undemanding network OS that is, moreover, distributed completely free of charge. Nobody who sets out on the path of a network administrator wants to dig around in their servers every week (or even more often) because of failures, which is why many choose FreeBSD. Of course, nothing comes for free, and this stability will also demand certain knowledge from you, which is what we want to share. Forget about the pretty windows of Windows: your best friend is now the black console, back from the days of DOS. But there is no need to be afraid: as soon as you find a common language with it, you will be able to forget that servers tend to fail. At least for a few years, because that is how long several large Internet servers running FreeBSD have already been working without a stop.
# INTRODUCTION / Getting to know FreeBSD

FreeBSD has long been firmly established on the servers of all kinds of network services. This open OS regularly tops the ratings of the most reliable hosting providers. The broad mass of users, however, still has not given it its due.

Very often we look at the world around us as a two-pole system, operating with pairs of opposite notions: "yes and no", "north and south", "good and bad" and so on. A similar situation has lately been seen in the world of operating systems: the main players of the IT industry group around two main "poles", the Linux and Windows operating systems. These are the ones the media write about most often. In the stream of publications that enthusiastically praise one "pole" and caustically mock the "opponent", the reader does not always manage to notice the other representatives of the operating system market. And that is a pity!

Today we will talk about one of them: FreeBSD, the second most widespread open source operating system in the world.

Unlike the Linux developers, who at times promote their creation on the market very aggressively, the creators of FreeBSD do not try at all to convince the world that this OS is the best alternative to other systems. FreeBSD is a kind of compromise between enthusiasm and corporate routine.

History of the FreeBSD project

FreeBSD owes its origin largely to the Unix operating system, which was developed in the late 1960s and early 1970s by the Bell Labs division of AT&T. The first versions of Unix were written in assembler, but in 1973 the system was rewritten in the C language developed by Dennis Ritchie. It was this that gave the impetus to the development of Unix by making it easier to port to new hardware platforms.

One of the founders of FreeBSD and a former member of the Core Team, Jordan Hubbard

At that time the computer business was a government monopoly, so AT&T offered the Unix source code to government institutions and universities for a comparatively small fee. Thanks to this, the operating system found its way into roughly 80% of the educational institutions that had computer science departments. One of the first to take up work on Unix in earnest was a group at the University of California, Berkeley: the Computer Systems Research Group. In 1975 Ken Thompson, who had left Bell Labs, moved to the computer research department at Berkeley. The result of his joint work with teachers and students was an operating system called the Berkeley Software Distribution (BSD). This version of Unix turned out to be so successful that in the late 1970s the US Department of Defense announced that its ARPA division would use precisely the version of Unix developed at Berkeley. The main requirements placed on the system were the ability to work on a network and high reliability.

In 1991 BSD was ported to the Intel x86 hardware platform. This version was called 386BSD. A group formed at the University of California that began selling a commercial version of BSD for the x86 platform.

The emergence of FreeBSD

The FreeBSD project itself arose at the beginning of 1993 on the initiative of Jordan Hubbard, Nate Williams and Rod Grimes. At that time they were the coordinators of a project called the "Unofficial »


Alternative OSes of the BSD family

Free OSes for any need

Since the FreeBSD source code is open, from time to time enthusiasts have felt the desire to make an OS of their own. Often the concepts put forward by the developers attracted a large number of people, and these projects grew into mature operating systems. Today two OSes related to FreeBSD deserve attention: NetBSD and OpenBSD. Here is a brief account of their history and features.

NetBSD

The start of development of this OS is dated 20 April 1993, when the release numbered 0.8 came out. NetBSD, like FreeBSD, originates from the 386BSD distribution. But whereas FreeBSD directed its efforts at the i386 platform, NetBSD concentrated on being cross-platform. Since then this OS has been ported to 40 different platforms, including game consoles, handhelds, Apple computers and many other, sometimes quite exotic, devices.

Another goal set by the developers was the portability of programs. A binary emulation system makes it possible to run programs compiled for various Unix-like OSes: FreeBSD, SunOS, HP-UX and others. NetBSD is also characterized by stability and speed. And although it is first of all a research OS, it is also used for DNS and other servers at many Internet hosting providers. The latest release of this OS, NetBSD 1.6.2, came out on 1 March 2004.

OpenBSD

The lineage of this OS goes back to NetBSD 1.1. The first version of OpenBSD appeared in 1995 on the initiative of Theo de Raadt, a NetBSD developer responsible for the port to the SPARC platform. OpenBSD is based in Canada, which made it possible to build into the OS encryption algorithms and security technologies that are barred from export in the USA: RSA, Blowfish and others. OpenBSD means "security by default". For example, immediately after installation all network ports are closed. Constant code auditing also contributes to the security of the system. Like NetBSD, OpenBSD ports well to various hardware platforms. The current version of this OS is OpenBSD 3.5.
The KDE desktop environment gives the user a convenient interface and many utilities, but requires a fairly powerful computer

» 386BSD Patchkit" (patchkit), which was a series of fixes and additions to 386BSD. According to Jordan, the head of the 386BSD project, Bill Jolitz, showed no particular interest in the fate of his creation and in the end stopped supporting it. As a result Hubbard and his colleagues decided to start a project of their own: David Greenman gave it the name FreeBSD.

The first distribution to be made available both on CD-ROM and over the Internet was FreeBSD 1.0, released in December 1993. It was based on 4.3BSD-Lite (Net/2) from the University of California, Berkeley.

Unfortunately, licensing problems arose in 1994. Novell initiated legal proceedings, claiming that it owned the rights to part of the Net/2 code. In response Berkeley released 4.4BSD-Lite, which was declared completely "free"; all Net/2 users were advised to move to precisely this version. The same applied to FreeBSD: the project was given until the end of July 1994 to stop shipping the version of the distribution based on Net/2.

FreeBSD had to set about "literally reinventing itself completely from the absolutely new and rather incomplete 4.4BSD-Lite system" (a quote from the Handbook, the official FreeBSD user's guide). Releasing the new version took almost half a year. In August 1996 version 2.1.5 came out and won great popularity among Internet providers. That was also when the development tree branched: the first officially stable release, 2.1-Stable, appeared.

Version 3.0, the logical continuation of the 2.2 branch, came out in October 1998. The next branching in the development tree took place three months after that: the 4.0-Current and 3.x-Stable branches appeared.

The 3.x-Stable branch had six releases (more precisely, there were five releases, 3.1 through 3.5, and the sixth was an update of the previous one containing Kerberos security fixes).

The most recent branching in the project tree was carried out on 13 March 2000; it produced the 4.x-Stable branch, which is the official stable branch (its latest release, 4.10-Release, dates from May 2004). The first 5.x release, however, was announced only three years later, on 19 January 2003. The reason for such a delay is that, starting with this release, a course was set for supporting multiprocessing, threads in applications, and the UltraSPARC and IA64 hardware platforms.

At present the 4.x releases are regarded as "production" and the 5.x releases as "new technology". In time 5.x-Current will take the place of 4.x-Stable, and the 6.x-Current branch will become the proving ground for new software.


FreeBSD: goals, licences and development principles

"The goal of the FreeBSD project is to provide software that may be used for any purpose and without additional restrictions" (a quote from the user's guide).

The project participants prefer to use software provided under BSD licences. This avoids the additional complications that can arise with the commercial use of GPL products.

Every project within FreeBSD maintains a publicly accessible tree of program sources. Using CVS (Concurrent Versions System) one can get access to a project's code, its documentation and auxiliary files. This allows users to obtain, at any moment, a copy of the tree of any of the projects or of the system as a whole. Everyone who takes part in FreeBSD development to one degree or another can be divided into three categories:

► Contributors: those who write code or documentation but do not have the right to make changes directly in the development tree. They only submit changes and additions to the code, and the decision to commit them is made by committers.

► Committers: members of the development group who have write access to the CVS tree. As a rule, a committer decides for himself whether he needs confirmation from other project members before making changes to the code. If the changes have far-reaching consequences, they are discussed beforehand. There can be cases when a Core Team member acting as the project architect rejects changes that have been committed.

► Core Team: the group of people who direct the work of the FreeBSD developers. Their rights are not defined with absolute precision, but as a rule (though not necessarily) a Core Team member is also a committer. The rules that Core Team members follow may vary from project to project, but by and large it is the members »


» and foremost not on personal preferences but on the results of a careful analysis of the task at hand. A detailed comparison of the characteristics of FreeBSD and Windows could take several pages, so we will briefly dwell on the main differences between these systems:

► The graphical interface is an integral part of Windows, but FreeBSD manages perfectly well without it. Editing configuration files through windows is not always convenient, and besides, some settings are unavailable when editing that way. So to make the necessary changes to a configuration file it is easier to use a simple text editor (this also simplifies remote administration over slow links). In addition, without a graphical shell the demands on the server's hardware resources are lower.

► The formats in which system settings are stored differ between Windows and FreeBSD. Windows uses binary files to store registry data, whereas in FreeBSD the configuration settings of the various services are stored in separate files and, as a rule, in text form. The advantages of the latter method are obvious: if a Windows registry file is destroyed, the system becomes inoperable and external tools have to be used to restore backup copies, while with FreeBSD only the service whose file was damaged will be out of order.

► The kernel of the Windows operating system is a kind of "monolith" that cannot be modified without completely replacing the version of the operating system. FreeBSD allows you to compile a new kernel that matches as closely as possible the hardware platform on which the system runs. Besides that, the need to replace the kernel can arise if a security "hole" is found in its code.

► The level of user training needed to solve entry-level system administration tasks (for example, deploying a peer-to-peer local network) also differs between Windows and FreeBSD. Here Windows has an undeniable advantage over FreeBSD, which, however, disappears when more complex tasks have to be solved.

Discs with FreeBSD are released by many publishers but, unlike Linux, the distribution is created centrally

► The FreeBSD licence is one more reason to pay attention to this particular operating system. Unlike Windows, where licences have to be purchased for every network connection, FreeBSD imposes no such restrictions on its users.

Comparing FreeBSD and Linux

Supporters of each operating system can argue themselves hoarse about the advantages of their own system and the shortcomings of the other. For some, these arguments have become a kind of "sport". We will leave the technical details aside and dwell on the differences in organizational matters:

► The licence used in FreeBSD does not contain the so-called "transferable freedoms". It does not oblige you to open the source code of your programs if you do not want to. Unlike the BSD licence, the GPL requires that program sources be provided on first demand. The main purpose of the GPL is to guard the interests of developers by not allowing those who have not put a drop of their own work into creating the code to make money on it. In this respect the BSD licence is more liberal.

► The number of distributors of the Linux operating system runs into the dozens. In the case of FreeBSD there is one distributor, and it alone decides in which direction to develop. In Linux the situation is diametrically opposite: every vendor sees the further development of the system in its own way.

► Control over the code entering FreeBSD is exercised by the core group of developers, whereas in Linux each distributor controls code quality on its own. It cannot be said that the control processes are completely isolated, but each of the companies releasing Linux decides for itself whether to include particular "patches" used by its colleagues or competitors. The attempt to create a unified Linux has not yet succeeded: the United Linux project put out a first release, but things went no further than that. In principle, the question of whose development model is better is a very complex and debatable one. Looked at from the standpoint of reliability, the FreeBSD Team approach wins. But from the standpoint of development speed, the model used by the Linux community looks preferable.

Conclusion

For 11 years now FreeBSD has been a notable player on the operating system market, and it is not planning to leave it yet. The stability of the system has been proven by years of operation: FreeBSD runs the sites of companies such as Yahoo!, Netcraft, Sony Japan, Weathernews (it is Weathernews Inc. that houses the record-holding computers for uninterrupted operation) and many others.

■ ■ ■ Aleksandr Kuprin
» of this group who determine the direction in which the FreeBSD operating system develops.

The FreeBSD project offers users three different variants of the system. Versions are assigned numbers (for example, 3.5.1 or 4.10), to which a suffix is added that indicates the purpose of the version:

► Current: the developers' version (for example, FreeBSD 5.0-Current); all new work is tested on this branch;

► Release: the version for end users (as a rule, it appears once every three to six months);

► Stable: the version of FreeBSD that is the logical continuation of the Release version. As errors are found in Release and changes are committed to the CVS tree, the distribution moves to the Stable stage. At present the official stable branch is 4.x.

Why FreeBSD?

FreeBSD as a server

Like any network operating system, FreeBSD offers a set of programs that turn a computer into a node providing Internet services: e-mail, a web or FTP server, a domain name server, tools for routing and network address translation, a proxy server, a firewall and so on. In addition, the freely distributed Samba package makes it possible to set up, on top of FreeBSD, a file server and a print server on a Microsoft network, or to create a PDC (Primary Domain Controller) for a Windows network. The capabilities of FreeBSD as a Microsoft network server are limited only by the capabilities of Samba. Samba 3 is currently under active development. Among the most significant new features of this package are support for Unicode in file names (this considerably simplifies storing files with non-Latin names), user identification via LDAP/Kerberos 5 and support for the Active Directory directory service (although the current version of Samba can act only as an AD member).

If you add to this the ability to run both commercial and freely distributed SQL servers on FreeBSD, as well as to work as part of a cluster, it becomes clear how wide a range of tasks FreeBSD can handle.

However, a large amount of available software does not always make an operating system attractive, especially when it acts as a server. As mentioned earlier, one of the main requirements for BSD was stability in operation. According to Netcraft.com data as of 21 June 2004, of the 50 computers with the longest uptime on the Internet, six run FreeBSD, and two of them occupy the top places and have been running without a reboot for more than 4.5 years.


FreeBSD on the desktop

FreeBSD is quite suitable as a workstation if what is meant is an "average" system used for working on the Internet and processing text. Here, as in most Unix-like operating systems, the graphical interface is provided by the X Window System. The core of the X server is primitive and does not have much functionality, so there is a special class of programs, window managers, that make the user's work easier. Simplified window managers can run on low-powered computers, but there are also desktop environments comparable to Windows in ease of use. These are the KDE and GNOME projects.

OpenOffice can be used as one of the office suites on FreeBSD; it can take over most of the functions of Microsoft Office. Of course, when it comes to running programs that have no counterparts on FreeBSD (for example, the products of the company 1C that are in active use today), one has to give up the intention of using this operating system on a desktop computer.

FreeBSD vs. Windows

It must be understood that the choice of an operating system for a particular task must be based first »
# INSTALLATION AND CONFIGURATION / Installing FreeBSD

Permanent residence / step-by-step recommendations

Installation is one of the most important stages in the life cycle of any operating system. A great deal depends on how well it is planned. First of all this concerns the partitioning of the hard disk: if it is done competently, you should not run into any particular problems later.

Before starting the installation, let us settle where exactly one can get a distribution of the freely distributed FreeBSD OS. There are at least two ways.

1. The Internet. For this you will need a channel with sufficiently high bandwidth. To avoid overloading the network, try to use the mirrors of the FreeBSD project site that are located closest to you. You will find the list of mirrors in Appendix A of the "FreeBSD Handbook" (hereafter Handbook): http://www.freebsd.org/doc/ru_RU.KOI8-R/books/handbook/index.html. If you download an ISO image, do not forget to verify its checksum (MD5). Programs for this exist for both Unix and DOS/Windows; they let you make sure that the data was received without distortion (accidental or deliberate). It is wiser to take the checksum information from the primary source: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.10/CHECKSUMS.MD5.

2. Online suppliers. If you find it more convenient or cheaper, you can order FreeBSD from an online shop that specializes in selling free software. The best known of such shops in the CIS are the Russian LinuxCenter.RU and the Ukrainian Lafox.NET.

If their services do not suit you for some reason, ask Google or any other search engine for advice by typing in a suitable query.
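The checksum step from option 1 above, as an added example that is not part of the original article: it parses a checksum list and compares the listed digest with the one computed from the downloaded file. It assumes the list uses the BSD md5(1) output format `MD5 (file) = digest`; the file names, contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of a BSD-style checksum list: "MD5 (name.iso) = 0123...cdef"
BSD_LINE = re.compile(r"^(?P<algo>[A-Za-z0-9-]+) \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]+)$")


def parse_checksums(text):
    """Map file name -> (algorithm, lowercase hex digest); other lines are ignored."""
    table = {}
    for line in text.splitlines():
        m = BSD_LINE.match(line.strip())
        if m:
            table[m["name"]] = (m["algo"].lower(), m["digest"].lower())
    return table


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so that a full CD image never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, checksums_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the downloaded file at path."""
    entry = parse_checksums(checksums_text).get(os.path.basename(path))
    if entry is None:
        return "unlisted"          # a file the list does not cover proves nothing
    algo, expected = entry
    actual = file_digest(path, algo)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed sample: a stand-in image, its checksum list, and a damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "constructed-disc1.iso")
        with open(image, "wb") as f:
            f.write(b"constructed sample image contents\n" * 1000)
        listing = "MD5 (constructed-disc1.iso) = %s\n" % file_digest(image, "md5")
        intact = verify_image(image, listing)
        with open(image, "r+b") as f:   # simulate one byte distorted in transit
            f.seek(100)
            f.write(b"\x00")
        damaged = verify_image(image, listing)
        other = os.path.join(tmp, "not-in-list.iso")
        open(other, "wb").close()
        return intact, damaged, verify_image(other, listing)


if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the list itself, which is why the list should come from the project's own server rather than from the mirror that served the image.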

CHIP SPECIAL No. 8/2004

Preliminary preparation

Gathering information

Before starting the installation, you need to gather information about the computer's hardware configuration. At a minimum you will need details:

► About the network card (manufacturer, chipset). If it is an ISA card, you need to find out the I/O port number and the interrupt number it uses.

► About the modem: if it is internal, you need to find out which interrupt it uses; if the modem is connected to a serial port, you need to know the port number (COM1 or COM2).

► About the network connection parameters (the IP address and name of your machine, the subnet mask, the IP addresses of the DNS server and the default gateway, the domain name).

Since in this article we will be looking at installing FreeBSD as a server, we will not need the data that is vital for configuring the graphics subsystem, such as information about the video card and the monitor model. You may later need to specify the mouse connection parameters (PS/2, Serial, Bus) and, in the case of a serial connection, the port number. For most models, however, detection happens automatically.

If you are not sure that FreeBSD supports the hardware installed in your PC, consult the list of compatible hardware for release 4.10 (ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/4.10-RELEASE/HARDWARE.HTM).

Preparing disk space

If you are installing FreeBSD on a "clean" disk, you can skip this section. Otherwise you have to solve the problem of freeing up disk space. Remember the main condition: installing FreeBSD requires a free primary partition.

On personal computers the first sector of the hard disk is called the master boot record (MBR). It consists of two parts: the OS boot loader code and the partition table. The partition table has room for only four entries describing the disk layout. To get around this limit, so-called extended partitions are used. They work like nested matryoshka dolls: their first sector contains a partition table of its own. The limit of four entries per table still applies, so when more than four partitions are used, the partitioning program builds a chain of extended partitions nested inside one another. Partitions whose geometry is recorded directly in the MBR partition table are called primary. Their maximum number equals the number of entries in the table (four).
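The layout described above can be checked directly on a saved copy of a disk's first sector. The following is an added example, not code from the article: it parses the four primary entries, marks extended partitions and the FreeBSD slice type (decimal 165), and lists the table entries that are still unused. A free table entry is only half of the article's condition, since unallocated disk space is needed as well. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # bytes 0..445 hold the boot loader code
ENTRY_SIZE = 16               # four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
EXTENDED_TYPES = {0x05, 0x0F}
FREEBSD_TYPE = 165            # 0xA5, the slice signature quoted in the article

TYPE_NAMES = {0x00: "empty", 0x05: "extended", 0x06: "FAT16", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x83: "Linux",
              0xA5: "FreeBSD slice"}


def parse_mbr(sector):
    """Return the four primary partition-table entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA not found")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, CHS start, type, CHS end, first LBA sector, sector count
        status, _chs_a, ptype, _chs_b, lba, count = struct.unpack(
            "<B3sB3sII", sector[start:start + ENTRY_SIZE])
        if status not in (0x00, 0x80):
            raise ValueError("slot %d: invalid status byte 0x%02x"
                             % (slot + 1, status))
        entries.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown (0x%02x)" % ptype),
            "extended": ptype in EXTENDED_TYPES,
            "first_sector": lba,
            "sectors": count,
        })
    return entries


def free_primary_slots(entries):
    """Table entries still available for a new primary partition or slice."""
    return [e["slot"] for e in entries if e["type"] == 0x00]


def overlapping_slots(entries):
    """Pairs of used entries whose sector ranges intersect (a corrupt table)."""
    used = [e for e in entries if e["type"] != 0x00]
    pairs = []
    for i, a in enumerate(used):
        for b in used[i + 1:]:
            if (a["first_sector"] < b["first_sector"] + b["sectors"]
                    and b["first_sector"] < a["first_sector"] + a["sectors"]):
                pairs.append((a["slot"], b["slot"]))
    return pairs


def build_sample_mbr():
    """Constructed sector: active FAT32, FreeBSD slice, extended, one free."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                           b"\0\0\0", lba, count)
    table = (entry(0x80, 0x0B, 63, 8_000_000)
             + entry(0x00, FREEBSD_TYPE, 8_000_063, 4_000_000)
             + entry(0x00, 0x0F, 12_000_063, 2_000_000)
             + entry(0x00, 0x00, 0, 0))
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr())
    for e in table:
        flag = "*" if e["bootable"] else " "
        print("%d %s %-16s start=%-9d sectors=%d"
              % (e["slot"], flag, e["name"], e["first_sector"], e["sectors"]))
    print("free primary slots:", free_primary_slots(table))
    print("overlaps:", overlapping_slots(table))
```

To inspect a real disk, read its first 512 bytes into a file with a read-only tool and pass the bytes to parse_mbr() instead of the constructed sector.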

If Windows is installed on your computer, then before using one of the disk repartitioning programs you need to do the following:

► Check the integrity of the file system. Use the Scandisk program for this ("My Computer" → "Disk Properties" → "Tools" → "Check Disk"). This operation is needed to remove chains of lost clusters and, if necessary, to check the disk surface for bad blocks.

► Make backup copies of important data and copy them to external media. There is a chance that the computer will hang or lose power at the moment the partition is being resized, so there is no point in risking data whose loss you cannot afford.

► Defragment the logical disk with the Defrag program ("My Computer" → "Disk Properties" → "Tools" → "Defragment Disk"). This operation moves files towards the beginning of the partition and thereby leaves more free space for the FreeBSD partition.

The simplest option is to use programs with a graphical interface. Under Windows the best known of them are Partition Magic and Acronis Partition Expert.

FIPS

If you only want to resize a primary FAT partition and cannot use PM or APE, you can fall back on the FIPS program, which does an excellent job of changing the geometry of FAT partitions without data loss. You will find FIPS in the tools subdirectory of the FreeBSD boot disk: tools/fips.exe. Because FIPS needs full access to the disk, you will have to reboot into the single-user MS-DOS environment. Compared with similar console programs, FIPS partly automates the repartitioning process, which makes it easier to work with.

So, here is what has to be done when working with FIPS: change to the subdirectory where the program is located and run it. You will see a prompt. Press any key.



[Screenshot caption: The appearance of sysinstall is simple and austere]

# INSTALLATION AND CONFIGURATION / Installing FreeBSD

If more than one hard disk is installed in your computer, FIPS will ask you to choose a hard disk (digits 1, 2, 3 and so on). The program will show you the contents of the partition table. If there are several partitions, choose the number of the one whose size you want to change (from 1 to 4).

After that FIPS will show information about the partition and offer to save the data of the root and boot partitions to a floppy disk. Making this backup copy is recommended.

The program then calculates the minimum size that the partition being shrunk will occupy (how far it can be shrunk depends on whether defragmentation was performed beforehand). Now use the Left and Right cursor keys to choose the size of the new partition. You will see a pair of numbers: on the left the new size of the old partition, on the right the size of the partition being created. Confirm the choice with the Enter key.

The program will display the partition table with the changes taken into account. If you agree, press C and then Enter; if not, press R and you will return to step 3. The result is a primary FAT partition which can later be deleted during installation so that FreeBSD can be placed where it was.

It is important not to write anything to the hard disk before the system is rebooted: do not forget that DOS "does not know" that the partition table has changed, so reboot as soon as you finish working with FIPS. After that run FIPS with the -t option, which lets you make sure that the repartitioning went through without errors. If errors are found, use the restorrb.exe utility, which is located in the same subdirectory as FIPS.


You may have noticed that so far not a word has been said about how much disk space FreeBSD requires. The minimum disk space needed is about 100 MB. However, if you plan to use ports, the ports tree alone will need about 300 MB of disk space. To avoid racking your brains over how to fit everything in, plan on 1-1.5 GB (or more) of disk space plus room for the services you intend to run: mail, web and file servers, a proxy server and so on. You can, of course, skip the ports tree and build packages yourself, but it is better to entrust this job to specialists who have already done most of the work for you. It is worth adding that the minimum processor requirement is a 386-class machine, with 16 MB of RAM or more (with less memory the sysinstall installation program will not run). As you can see, the requirements are very modest.

Preparing boot disks

The first FreeBSD CD is bootable. If your computer has no CD drive, or the BIOS does not support booting from CD, create boot floppies. The boot floppy images are located in the floppies subdirectory. To write the images to floppies under DOS/Windows, use the fdimage.exe utility from the Tools\ subdirectory. You need to create two floppies using the kern.flp and mfsroot.flp images (x is the name of the CD drive under DOS/Windows):


x:
cd \tools
fdimage.exe \floppies\kern.flp a:
fdimage.exe \floppies\mfsroot.flp a:

To write the images to floppies under Unix, the dd utility is used. The invocation for FreeBSD and for Linux differs only in the name of the floppy drive device.

dd if=kern.flp of=/dev/rfd0

and, for comparison,

dd if=kern.flp of=/dev/fd0

Note that fdimage.exe uses direct access to the floppy disk when writing, so you must either reboot into MS-DOS emulation mode or run the program with administrator rights. Which boot method to use is up to you. Before the next stage begins, the disk space for installing FreeBSD must already have been freed.

Initial boot

During the initial boot stage a mass of service messages is printed on the screen. A detailed analysis of each of them is not possible within a single article. The main indicator that everything is in order is the so-called "magic wand". While it is spinning, you can assume all is well and the boot process is under way. As soon as it stops, that is a sure sign that the system has hung.

If the boot is successful, the system prints the following message:

Hit [Enter] to boot immediately,
or any other key for command prompt.
Booting [kernel] in 9 seconds...

To continue, press the Enter key. If you are booting from floppies, you will first be asked to swap the kern.flp floppy for the mfsroot.flp one, and only then will the kernel be loaded:

Please insert MFS root floppy 
and press enter: 

The next stage is configuring the parameters of the kernel being loaded, the "Kernel configuration menu". Most users do not need to change anything (the "Skip kernel configuration..." item). However, it is possible that your hardware contains devices that conflict with one another. In that case you need to disable, at boot time, the driver of one of them, or of all of them if they are not needed during system installation. To do this, use the second menu item, "Start kernel configuration in full-screen visual mode". For more detailed information see the Handbook, section 2.3.2.

General information about sysinstall

When the kernel has finished booting, control passes to the sysinstall program. If until now you have only dealt with installing operating systems of the Windows family, you may be disappointed not to find the familiar graphical interface. Believe us, its convenience is only apparent. The sysinstall program can also be run after the installation is finished: it can be used to add or remove software components and to upgrade the OS (look for the program in the /stand subdirectory).

A few words about the controls. The Up and Down keys are used to navigate the list of menu items. The Left and Right keys select the control buttons (Select, OK, Exit and so on). The Space key is used to set or clear checkboxes or to select a menu item that has square brackets next to it. The Enter key activates the currently selected control button. In some menus it can be used instead of the space bar. The initial characters of most menu items are highlighted in a different colour; to activate such an item it is enough to press the corresponding key together with Alt (this rule applies only to the part of the list that fits on the screen). The Tab key works like the Left/Right cursor keys and is used to move between fields when entering data (user details and so on). Unfortunately, sysinstall has only an English-language interface (and, accordingly, the documentation available during installation is in English as well).

Let us briefly go through the main menu items available at the initial stage of installation:

► Usage: a description of how to use the menu system (navigation, hot keys and so on).

► Standard: begin an installation in the standard configuration (recommended).

► Express: begin a quick installation (for the impatient; be careful with this item).

► Custom: installation mode for experts.

► Configure: perform post-installation configuration of FreeBSD.

► Doc: installation instructions and the like.

► Keymap: choose the keyboard layout.

► Options: view and set various options before the installation begins.

► Fixit: repair mode, starts a shell on the fourth console.

► Upgrade: upgrade an existing operating system.

► Load Config: load the default installation configuration.

► Index: a glossary of functions.

When installing a new system you will need the Standard, Configure, Keymap and Options items. Using the other items is optional.

Installation: standard mode

Before proceeding to the installation itself, you need to choose the keyboard layout (the "Keymap" menu item). We are interested in "Russia KOI8-R". The CapsLock key is used to switch between languages.

The next stop is the "Options" section, which lets you carry out preliminary configuration of the system.

Most users are happy with the default settings. If you do want to change one of the items, use the Space key. A brief description of each item is shown at the bottom of the screen. Whether or not you will need the network file system (NFS) is for you to decide. If dynamic IP addressing is configured for your machine, do not forget to enable the DHCP item. Here you can also specify the installation source: CD/DVD, a DOS partition, an FTP, HTTP or NFS server, a FreeBSD file system or a magnetic tape drive. The "Use defaults" item resets the changes you have made to their default values. Exit with the Q key.

Partitioning the disk

Let us look at an example of installation in standard mode. Choose the "Standard" item. First of all you need to create a partition to hold FreeBSD. By this point you should already have solved this problem with one of the disk repartitioning programs. The fdisk program is somewhat similar to its counterpart in DOS/Windows or, in Linux, cfdisk.

Before moving on to creating partitions, a few words about how disk space is organised in FreeBSD. At the top of the hierarchy is the slice. Up to four slices can be created on each hard disk (matching the number of entries in the partition table). A slice can be compared with an extended partition, but the resemblance is limited to the fact that sub-partitions are created inside both structures. Partitions located inside a slice are designated by a letter from A to H and can contain only one file system. For partitions A to D there are certain conventions (they are not mandatory, but it is advisable to follow them):

► A contains the root file system;

► B contains the swap partition;

► C is created with the same size as the whole slice. This allows utilities that need to work on the entire slice (for example, a bad-block scanner) to work with partition C (as a rule, there is no particular need to create such a file system);

► D was created for special purposes but is not used at present. Some utilities may work incorrectly when trying to access D, so sysinstall normally does not create such a partition.

The full name of a partition consists of the disk device name, the slice number and the partition letter. As a result it looks roughly like this: ad0s2a is the root partition on slice number 2 of the master ATA disk attached to the first controller. The disk device codes are given below:

► ad: ATAPI (IDE) disk;

► da: SCSI disk;

► acd: ATAPI (IDE) CDROM;

► cd: SCSI CDROM;

► fd: floppy disk.

Let us return to the fdisk program. If you used FIPS for repartitioning, delete the partition that program created (the D key). Now you need to create a slice. If you have a "clean" disk, or you want to delete all partitions and put FreeBSD in their place, press A. To create a new slice in the free space (do not forget to move the cursor onto it!) press C. The size is given in sectors and defaults to the maximum available; change it if necessary. The second parameter is the decimal one-byte partition signature (for a slice it is 165). Do not forget to make the slice bootable (S). If you have made a mistake, you can undo it (the U key); otherwise save the changes (Q) and move on to creating the sub-partitions.

Now the boot loader has to be configured. You are offered three options:

► BootMgr: use this option if no operating system boot manager has been installed on the machine yet. In that case the FreeBSD boot manager takes on that role.

► Standard: in this case a standard boot loader is written to the MBR; it starts the system from the active partition of the hard disk (which had to be selected at the previous stage).

► None: the contents of the MBR are not changed. This option is used when another boot loader is already installed on the disk (LILO, GRUB, NTLoader, System Commander and so on).

Disklabel Editor

Sub-partitions are created with the Disklabel Editor program. The operating system needs at least two partitions to work: "/" (root) and a swap partition. However, to make disk access more efficient it is recommended to create file systems on several partitions. If you find it hard to decide how much space to allot to each partition, use the automatic slice layout function (the A key).

[Screenshot caption: Configuring the network interface will not cause you any difficulty if you are familiar with the basics of TCP/IP networking theory]

If no separate partition is allocated for /home, then FreeBSD, unlike Linux, uses free space on the /usr partition (again, if such a partition has been created): a symbolic link /home is created that points to /usr/home. This is convenient because it reduces the load on the root file system.

The next thing to pay attention to is the Soft Updates mode. This option can speed up disk operations considerably. The sign that it is enabled is the +S mark next to the file system type. Soft Updates substantially increases the speed of creating and deleting files by using caching. Although the Handbook recommends using Soft Updates on all disks, sysinstall does not set this mode for the root partition during automatic slice layout. The reason is that with this technology there can be delays of several seconds (sometimes up to a minute) before data is written to the hard disk. If the system hangs at that moment, some of the data not yet written can be lost.

If you need to delete a partition, use D; if you want to delete a partition and give the freed space to the neighbouring partition listed above it, use R. In either case the changes can be undone with U.

Novice administrators often find it hard to choose the sizes and number of partitions. The following advice may help them determine more precisely what they need:

► It is advisable to create a separate file system for the root partition. This makes it possible to mount it read-only and reduces the risk of it being damaged in a crash.

► Create a separate partition for /tmp, where, as a rule, many small files are stored. It is very important that the partition allotted to /tmp is large enough and does not fill up during operation: that can cause both individual processes and the system as a whole to fail. Those who like to open and browse large archives with Midnight Commander should remember that archives are unpacked in the /tmp subdirectory. The parameters of the file system being created (the -b and -f switches) play an important role; they can be changed if necessary (Newfs Opts, hot key N).

► By default the following pair of values is used: -b 16384 -f 2048. For /tmp these values can be halved, while for partitions that will hold large files they can, on the contrary, be increased fourfold (-b 65535 -f 8192). If you find it hard to determine the file system block size precisely, leave the default value.

► It is advisable to create a separate partition for /var. If the machine is going to run a mail server or another heavily loaded network service, it makes sense to create a separate partition for the directory where the service's working files will be stored: for example, /var/spool/mail for a mail server or /var/spool/squid for a proxy server cache. If possible, place such a partition on a separate hard disk, which will also improve performance.

► In automatic slice layout mode sysinstall allots too little space to the /var file system. For a workstation such sizes are acceptable, but when FreeBSD is used as a server they are not.

► If you cannot say exactly how quickly the disk space will fill up, leave some space in reserve. Later, using growfs, you will be able to enlarge individual file systems.

► The size of the swap area depends on the amount of RAM. If the latter is up to 32 MB, the size is calculated in the proportion 1:2; with 32 to 128 MB of RAM, as 1:1.5; from 128 to 256 MB, as 1:1. With large amounts of RAM (over 512 MB) there is no point in creating a swap partition larger than 256 MB: it is unlikely to be used in full. Remember, however, that these rules of thumb were obtained empirically. In addition, try to follow these rules: if the system has several hard disks, put the swap partition on the fastest of them; where possible, place the swap partition closer to the beginning of the disk; it is recommended to put it between two partitions (for example, root and /var), which in theory should reduce the load on the disk (although this is most likely to hold only for SCSI disks).

To finish the layout, press [Q].

Choosing distribution sets

Now you need to choose which distribution set to install. Beginners, if free disk space allows, are advised to choose the ALL option. If a graphical environment is to be installed on the computer, do not forget to select X-User. If you plan to build a new kernel or update the system by means of CVSup (a system that automatically keeps FreeBSD up to date and applies changes; if you did not install CVSup straight away, this can be done later using the cvsupit port), you will need one of the developer sets: Developer and/or Kern-Developer. If you are installing a server version of FreeBSD and are sure that X Window will not be needed, choose the Developer option. Note that the menu items depend on one another: if you have chosen Developer, the Kern-Developer package set will be selected automatically as well.

If the Minimal item is selected after this, the installation of the other sets will be cancelled. If you have a clear idea of exactly what you need, choose the Custom item and mark the package sets you consider necessary.

When you select any set (except Custom) you will be offered the ports tree, which takes up about 300 MB. The ports collection provides simple installation of a large number of additional programs. If you have enough disk space, be sure to accept. Thanks to the ports collection you will have about 10.5 thousand programs at your disposal, which you can install and use without difficulty. The distinctive feature of installing from ports is that the software is built from source.

Choosing the installation source

Here you need to specify the installation source: CD/DVD, a DOS partition, an FTP, HTTP or NFS server, a FreeBSD file system or a magnetic tape drive. CD/DVD is offered by default.

Once the installation source has been chosen, sysinstall warns that this is the last chance to correct the changes made to the disk structure. Choose "No" and you will return to the main sysinstall menu; otherwise the installation process will begin.

Post-installation configuration

Configuring the network

The first thing to configure after installation is the network connection parameters. A window appears asking whether network devices, Ethernet or SLIP/PPP, are to be configured.

Choose the interface you want to configure. Sysinstall will offer to use IP version 6. Most likely this version of the protocol is not yet in use on your network, so decline. The next question concerns the type of addressing used on your computer, dynamic or static. If a DHCP server is running on the network and it holds data about your machine, answer yes; otherwise configure the connection parameters manually.

The following data must be specified:

► Host: the full name of the host (for example, vm.home);

► Domain: the name of the domain in which it is located (for example, home);

► IPv4 Gateway: the IP address of the default gateway (for example, 192.168.0.1);

► Name server: the IP address of the DNS server (for example, 192.168.0.1);

► IPv4 address: the IP address of the host (for example, 192.168.0.4);

► Netmask: the subnet mask;

► Extra options: additional options used by the ifconfig utility when the network interface is brought up.

When the data has been entered, the system will offer to activate the interface. You will then have to answer a number of questions about the functions FreeBSD is going to perform on the network:

► Will the computer be a network gateway? It does not matter whether it is to be a gateway to a local network or to the Internet.

► Will network services be available? The installation program offers to configure the inetd super-server, which controls connection attempts to the computer's other server programs and coordinates network traffic. The network services are listed in /etc/inetd.conf. You will be given the opportunity to edit the file to suit your needs. To exit the editor: Ctrl+[ and A.

[Screenshot caption: Creating an account for an unprivileged user]

► Will anonymous FTP access to the computer be allowed? It is recommended to answer "No". You can always configure anonymous FTP access later.

► Will the computer act as an NFS server? That is up to you.

► Is your host an NFS client? If you do not know, answer "No".

► Does the computer require heightened security measures? If your host does not require the maximum level of protection, choose "No". Later you can configure the protection features to suit your needs.

If you need to change these settings, turn to the already familiar /etc/rc.conf file.
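The answers given to the questions above end up in plain text files, so they can be reviewed after the installation. The following is an added example, not code from the article or from FreeBSD: it reads the text of rc.conf, inetd.conf and passwd and reports whether the host forwards packets, which services inetd offers and under which user, and whether anonymous FTP logins are possible (ftpd accepts them when an account named ftp exists). The sample file contents are constructed, and the sketch assumes that inetd_enable and gateway_enable default to "NO" when absent from rc.conf.

```python
# Constructed sample file contents, not taken from a real host.
SAMPLE_RC_CONF = """\
hostname="vm.home"
defaultrouter="192.168.0.1"
gateway_enable="NO"
inetd_enable="YES"
"""

SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user     program               arguments
#telnet    stream  tcp    nowait  root     /usr/libexec/telnetd  telnetd
ftp        stream  tcp    nowait  root     /usr/libexec/ftpd     ftpd -l
daytime    stream  tcp    nowait  root     internal
ntalk      dgram   udp    wait    tty:tty  /usr/libexec/ntalkd   ntalkd
"""

SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
ftp:*:14:5:Anonymous FTP:/var/ftp:/nonexistent
alice:*:1001:1001:Local user:/home/alice:/bin/sh
"""


def rc_conf_settings(text):
    """Parse name="value" assignments, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def inetd_services(text):
    """Return the entries of inetd.conf that are not commented out."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        services.append({
            "service": fields[0],
            "proto": fields[2],
            # the user field may carry ":group" or "/login-class" suffixes
            "user": fields[4].split(":")[0].split("/")[0],
            "program": fields[5],
        })
    return services


def passwd_users(text):
    """Account names from passwd-format text."""
    return {line.split(":", 1)[0] for line in text.splitlines() if ":" in line}


def review(rc_text, inetd_text, passwd_text):
    """Return a list of findings about the host's network exposure."""
    rc = rc_conf_settings(rc_text)
    findings = []
    if rc.get("gateway_enable", "NO").upper() == "YES":
        findings.append("host forwards packets between networks")
    if rc.get("inetd_enable", "NO").upper() != "YES":
        findings.append(
            "inetd is not started at boot; inetd.conf entries are inactive")
        return findings
    services = inetd_services(inetd_text)
    for s in services:
        note = "inetd offers %s/%s via %s" % (
            s["service"], s["proto"], s["program"])
        if s["user"] == "root":
            note += " (runs as root)"
        findings.append(note)
    ftp_enabled = any(s["service"] == "ftp" for s in services)
    if ftp_enabled and "ftp" in passwd_users(passwd_text):
        findings.append(
            "anonymous FTP is possible: ftp is enabled and account 'ftp' exists")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_RC_CONF, SAMPLE_INETD_CONF, SAMPLE_PASSWD):
        print("-", finding)
```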

Configuring the console

It is time to configure the console. Answer yes to the question of whether you need to configure the system console.

At a minimum the following parameters need to be set:

► Font: our choice is "IBM 866". Although this is a font in the CP866 encoding, with the right Screenmap parameter it will display Cyrillic correctly in the KOI8-R locale.

► Keymap: choose the "Russia KOI8-R" keyboard layout.

► Screenmap: for Cyrillic characters to be displayed correctly on the console, specify "KOI8-R to IBM866".

To speed up the keyboard, choose the Fast parameter in the Repeat item. Whether or not to select a screen saver (the "Saver" item) is for you to decide.

Time zone and Linux compatibility

The next step is to set the time zone. When asked whether the CMOS clock is set to UTC, answer "No". Then choose the region, the country and the time zone (or the specific city to which the time zone is tied).

The next prompt asks whether packages for binary compatibility with Linux need to be installed. If you answer yes, sysinstall will install in /usr a set of shared libraries and other programs needed to run Linux applications later on.

Configuring the mouse

The question asked at this point may baffle you at first: "Is there a non-USB mouse in the system?" If you have a USB mouse, choose "No", otherwise "Yes". To check whether sysinstall has correctly detected the type of mouse in use, choose the Enable item. If for some reason that did not happen, specify the mouse type and the way it is connected manually (the "Type" and "Port" items).

Installing additional programs

Answer "Yes" to the question of whether you want to browse the collection of FreeBSD packages available on the CD. The packages are divided into categories: if you know exactly what you are looking for, you will find it without difficulty.

Adding users

Now you need to create an account for an unprivileged user in the system. First create a group for that user (the "Group" item), for example localusr. The system will assign a free GID (group identifier) itself. Then enter the user's details (the "User" item): login, password, user name and the group to which the user belongs. If there is a set of groups of which the user should be a member, add them in the Member Groups field (for example, the wheel group). In that case the user will be able to obtain the privileges of the root user when necessary. The last thing you need to enter is the system administrator's password. Unlike the password of local users, you enter it twice.

When asked whether to go to the configuration menu, answer "No", after which you will be returned to the main sysinstall menu. Choose the Exit Install item and press Enter. After that, reboot the system.

What next?

There is a question that can stir up a storm in a teacup among command-line fans, yet it is often heard from beginners: "How do I run Midnight Commander?" The answer is simple: build it from ports. The "basic training" mini-course below shows you how.

First of all, Cyrillic support needs some further configuration. In the /etc/ttys file, which describes terminal types, the terminal type of the local consoles, cons25, is set incorrectly. Because of this, pseudo-graphics are displayed incorrectly. Edit the /etc/ttys file, replacing cons25 with cons25r:

ee /etc/ttys 

Tenepb Bbino/iHMTe c/ieAyioiAMe KOMaHAbi: 

cd /usr/ports/misc/mc 

make install 

First an attempt is made to find the required file in /usr/ports/distfiles. If the file is not found there, the installer tries to connect to the Internet and download it. Once all the files have been obtained (for mc there were several: make, gettext, libiconv and so on), mc is built and installed under /usr/local.

The FreeBSD site has a convenient port search facility at http://www.freebsd.org/ports/index.html that will help you find the package you need.

The last thing worth mentioning here is the choice of locale for the unprivileged user. To change the default value, edit the file ~/.login_conf and add the following lines:

me:\
	:charset=KOI8-R:\
	:lang=ru_RU.KOI8-R:

That is basically all. You can now move on and tune the system to your own needs. How to configure the services most important for normal operation of the system will be covered in detail in later articles.

■ ■ ■ Aleksandr Kuprin

INSTALLATION AND CONFIGURATION / Working on the network

The network collective farm

Shared access to files

Sooner or later every user needs to share files with other clients on the local network. You can, of course, arrange file exchange over the WWW and FTP protocols (and you have most likely done so already). But there are far more convenient ways. So, meet NFS.


The Network File System (NFS) provides file sharing in Unix. Operating systems such as Windows and Mac OS have their own file-sharing mechanisms that let networked computers access files on remote machines as if they were on their own disk. NFS offers the same advantages, plus a number of capabilities that other file-sharing protocols lack.


A little theory

Windows uses the NetBIOS protocol for file sharing, and Mac OS uses AppleTalk. Both of these protocols are peer-to-peer: each system announces its presence on the network by broadcast, and all machines can dynamically mount the resources that the others have shared. NFS differs from them in that it uses a client-server protocol, with explicitly designated servers that offer resources for sharing. These resources can in turn be mounted by remote NFS clients. As a result, the volume of information sent over the network is reduced, because the numerous unnecessary requests and replies are absent. In addition, the server explicitly defines which clients may connect to it, by host name or IP address. Another useful property of NFS is that it does not depend on broadcasts in the local network to discover servers. It can therefore be used over the Internet in exactly the same way as on a local network. Besides this, NFS tracks the integrity of the data transferred, reducing the likelihood of data loss.

To FreeBSD, NFS is a file system like any other. You can mount an NFS share over the network just as you would a floppy disk or a hard disk partition. Shares can even be mounted automatically when they are accessed, if the client system is configured accordingly (more on this a little later).

FreeBSD can be configured to work as an NFS server, as an NFS client, or as both at once.

Configuring the NFS server

Setting FreeBSD up as an NFS server requires adding just one line to /etc/rc.conf:

nfs_server_enable="YES"

Make sure that the portmap_enable parameter is set to "YES" (as it is by default, unless you have changed it). The portmap daemon is needed for NFS to work, because the NFS server needs a mechanism for telling clients which port to connect to.

Once these options are set and the system has been rebooted, FreeBSD will offer over NFS the shares listed in /etc/exports. This file must list the directories to be shared over NFS, as well as the users and hosts that will have the right to access them. If /etc/exports does not exist or cannot be read when networking starts, NFS will not start.

The full format of /etc/exports is described in the manual page (man exports). An export line consists of one or more names of the directories being exported (offered for sharing), export options, and an optional list of hosts (given by IP address, network name, netgroup or host name) that are allowed to use those directories. For example, the following line shares the directory /home and all of its subdirectories with any host that connects:

/home -alldirs

Note that the -alldirs option may be given only if the share is the mount point of a physical file system (for example, /usr or /home). Otherwise access to the share will not be granted.

A share that three specified hosts can access (read-only) can be defined as follows:

/usr -ro -alldirs office.domain.ru managers.domain.ru 192.168.0.16

After changing /etc/exports you need to restart NFS. To do this, signal the corresponding process, whose identifier is stored in /var/run/mountd.pid, for example with the command:

# kill -HUP `cat /var/run/mountd.pid`

To list all existing shares and the access rights to them, use the showmount command. You can check whether /etc/exports is set up correctly as follows:

# showmount -e
Exports list on localhost:
/usr                 Everyone
/home/lena           192.168.0.47
/home/vasya          192.168.0.49
/                    192.168.0.1


Automating access

Working with groups

To manage access to NFS shares more flexibly, groups of hosts can be defined in the file /etc/netgroup. A group is defined as follows:

group_name (host, user, domain) (host, user, domain) ...

For example, to create a group friends containing three particular hosts (named friend1, friend2 and friend3), add the following line:

friends (friend1,,) (friend2,,) (friend3,,)

A group based on user names may look like this:

office (,kirill,) (,lena,) (,vasya,)

Any of these group names from /etc/netgroup can then be used in place of host names in /etc/exports, so that an NFS share is offered only to members of the required group.

# df
Filesystem    1K-blocks     Used     Avail  Capacity  Mounted on
/dev/ad0s1a      992239    54353    858597      6%    /
/dev/ad0s1f    26704179  4872963  19694882     20%    /home
procfs                4        4         0    100%    /proc
office:/home    9924475  1642343   7488174     18%    /home2

Table 1. Output of the df command
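The /etc/exports line format and the /etc/netgroup groups described above can be checked mechanically. The following is an added example, not code from the article or from FreeBSD: it reports which hosts each export line really names and flags lines with no host list. The sample files are constructed, the function names are hypothetical, and the -network and -mask options come from exports(5) rather than from the article; line continuations are not handled.

```python
import re

# Constructed sample data in the formats described above (not from a real host).
SAMPLE_EXPORTS = """\
# directories   options   hosts
/home -alldirs
/usr -ro -alldirs office.domain.ru managers.domain.ru 192.168.0.16
/data -alldirs friends
/scratch -network 192.168.0.0 -mask 255.255.255.0
"""

SAMPLE_NETGROUP = """\
friends (friend1,,) (friend2,,) (friend3,,)
office (,kirill,) (,lena,) (,vasya,)
"""

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")
VALUE_OPTIONS = ("-network", "-mask")  # exports(5) options that take a value


def strip_comment(line):
    return line.split("#", 1)[0].strip()


def parse_netgroup(text):
    """Return {group name: [(host, user, domain), ...]}."""
    groups = {}
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        name = re.split(r"[\s(]", line, maxsplit=1)[0]
        groups[name] = [tuple(field.strip() for field in m.groups())
                        for m in TRIPLE.finditer(line)]
    return groups


def parse_export_line(line):
    """Split one export line into directories, option names, hosts, networks."""
    dirs, options, hosts, networks = [], [], [], []
    tokens = line.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, _, value = tok.partition("=")
            if name in VALUE_OPTIONS and not value and i + 1 < len(tokens):
                i += 1                      # value given as the next token
                value = tokens[i]
            if name == "-network":
                networks.append(value)
            options.append(name)
        elif tok.startswith("/") and not options and not hosts:
            dirs.append(tok)
        else:
            hosts.append(tok)
        i += 1
    return dirs, options, hosts, networks


def audit_exports(exports_text, netgroup_text=""):
    """Return one finding per export line with the hosts it really names."""
    groups = parse_netgroup(netgroup_text)
    findings = []
    for raw in exports_text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        dirs, options, hosts, networks = parse_export_line(line)
        resolved, issues = [], []
        for host in hosts:
            if host not in groups:
                resolved.append(host)
                continue
            members = [h for h, _user, _domain in groups[host]]
            resolved.extend(h for h in members if h)
            if not all(members):
                issues.append("netgroup %s has entries without a host name" % host)
        if not hosts and not networks:
            issues.append("no host list: offered to every host")
        if "-ro" not in options:
            issues.append("read-write")
        findings.append({"dirs": dirs, "options": options, "hosts": resolved,
                         "networks": networks, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS, SAMPLE_NETGROUP):
        print(" ".join(f["dirs"]), "->",
              f["hosts"] or f["networks"] or "EVERYONE",
              "|", "; ".join(f["issues"]) or "ok")
```

A user-based group such as office names no hosts at all, so using it in /etc/exports does not tie the share to known machines; the audit reports that case separately.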


Configuring the NFS client

If you intend to mount NFS shares from other servers, your system has to be configured as a client. Technically this is not strictly necessary: an NFS share can be mounted in a primitive way without any preliminary setup. However, configuring the system as an NFS client provides additional capabilities and ensures fast and reliable operation.

To set up the NFS client, add the following line to /etc/rc.conf:

nfs_client_enable="YES"

This setting enables the NFS input/output daemon, nfsiod, which helps speed up client requests and tunes several kernel parameters to reduce access time. It is not required for the NFS client to work, but it speeds things up by performing asynchronous read and write operations. Read-ahead and delayed writes are carried out in the background, which removes the need to wait for each successive step of the process to complete.

To start the daemon without rebooting, run the command:

# nfsiod -n 4

Mounting remote file systems

An NFS share is mounted with the mount_nfs command, which is a shortened form of the standard command mount -t nfs. As a rule this command is given two arguments: the host name and the share as a combined string, and the local mount point:

# mount_nfs office:/home /home2

On a successful mount no messages are printed. You can check whether the mount succeeded with the df command (see Table 1).

The file system stays mounted until it is explicitly unmounted with the umount command:

# umount /home2

As with other types of file system, a description of the NFS shares to be mounted can be added to /etc/fstab, which later simplifies the mounting process itself (Table 2). With such an entry in place, the NFS file system can be mounted with a simple command:

# mount /home2

More detailed information about mount options is available in the manual:

# man mount_nfs

Automatic mounting

The automount daemon amd makes working with NFS shares even more convenient. It lets you mount them (and, in fact, all types of file system) dynamically when you change to the required directory, without entering any mount commands.

FreeBSD provides a simple way to set this daemon up. Add the following line to /etc/rc.conf:

amd_enable="YES"

When the system is rebooted, amd starts with the options given in the amd_flags parameter. The standard value of these options provides automatic mounting, by name, of everything under the directories /host or /net, which amd creates automatically. The daemon can also be started by hand with the command:

# amd -a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map

With amd running, use cd to change to the /host directory and look at its contents. The directory is empty:

# cd /host
# ls
#

Now try to list a directory by name, as if a directory whose name matches one of the NFS servers on the network were already there:

# ls office
home

A directory named office has indeed appeared in /host, and in it a subdirectory home containing the same thing as office:/home. It has just been mounted automatically under /host on first access.

For even greater convenience you can create a link to the directory you need:

# ln -s /host/office/home /home2

From now on, when you change to /home2, the share office:/home will be mounted automatically and you will have access to the files you need. A share that is not in use is unmounted automatically, which is also convenient.

# Device        Mountpoint  Fstype  Options          Dump  Pass#
office:/home    /home2      nfs     rw,-T,-i,noauto  0     0

Table 2. Description of NFS shares to be mounted


If necessary, far more complex amd mount maps can be created by adding entries to the file /etc/amd.conf. Note that this file does not exist after FreeBSD is installed; you have to create it yourself as follows:

# touch /etc/amd.conf

Details of its format and the capabilities it provides can be found in the manual page (man amd.conf).

Interoperating with a Windows network

But what if most users on your local network work on computers running Windows? NFS is an excellent solution to the problem of file sharing between Unix machines, but it is not widespread on most end-user operating systems. Windows supports it only through third-party applications. Therefore, when a FreeBSD machine is added to an existing network, FreeBSD needs to support the same file-sharing methods as Windows.

Such file-sharing facilities are not built into FreeBSD from the start. However, an additional package called Samba lets a machine running FreeBSD act as a Windows file server and take part in file sharing with real Windows clients.

Introduction to Samba

Samba is a non-commercial open-source project that lets your FreeBSD system enjoy all the advantages of Windows file sharing, including the machine appearing in the list of network resources, connection protection based on NT domains and user logon, as well as support for network printing services and other conveniences.

Installing and configuring Samba

Samba is available among the ported applications in the directory /usr/ports/net/samba, or as packages on the vendor's site. It is recommended to install the application from the ports system, after first updating it, as follows:

# cd /usr/ports/net/samba
# make install clean

The package includes a single configuration file, smb.conf.default, which has to be copied to smb.conf for Samba to work. The startup script /usr/local/etc/rc.d/samba.sh.sample also has to be renamed to samba.sh.

In the simplest case, to get Samba running you only need to edit smb.conf, changing the workgroup line to match the name of the workgroup or domain the machine should belong to:

# workgroup = NT domain name or workgroup name, for example WORKGROUP
workgroup = MY_WORKGROUP

Samba will now start automatically when the system is rebooted.

Figure: Windows network resources can be browsed with the Nautilus file manager.

Internet SWAT

The main Samba configuration file is /usr/local/etc/smb.conf, in which dozens of different parameters can be set and shares defined. Each option is reasonably well described in the comments of the sample file smb.conf.default; however, making sense of that file at a glance is not easy: there are a great many options to set (all of them are described in detail in the manual page, man smb.conf) and there are many subtle differences between them.

There is also an alternative way to create and tune smb.conf: SWAT (Samba Web Administration Tools), which is part of the Samba port and lets you configure Samba through a web browser. This considerably simplifies work with the configuration file and reduces the likelihood of errors in it. The drawback of this system is, unfortunately, inherent in all web applications: a substantial security threat. SWAT authenticates users against the FreeBSD user database stored in /etc/master.passwd and sends this data over the network in clear text, where it can be intercepted by an attacker. The risk can be reduced in several ways.

► Access SWAT only from the local host (localhost). This prevents the information from being sent over the network.

► Work only behind a firewall that forbids or restricts the transfer of information from outside.

► By default smb.conf belongs to the root user, so the browser has to log in to SWAT with the root password, which is sent over the network in clear (unencrypted) form with every HTTP request to SWAT. Never do this on a network where a potential attacker may be present.

► Create a dummy user (for example, smbowner) and make it the owner of smb.conf (with the chown command). When working with SWAT, log in as this user rather than as root. Do not use this user name for any other tasks on the server, give it no privileges, deny it access to a command shell and do not create a home directory for it.

SWAT support can be enabled by adding the following line to /etc/services:

swat 901/tcp

Then add the following line to /etc/inetd.conf:

swat stream tcp nowait root /usr/local/sbin/swat swat

And finally restart the inetd daemon:

# killall -HUP inetd
# inetd

SWAT can now be reached at the URL http://localhost:901. It will ask for a user name and password.

SWAT lets you change the shares and printers offered, as well as Samba's global settings. With its help you can also check the current state of the server and manage the system's users.

If you prefer to do everything with your own hands, you can change the Samba configuration by editing smb.conf directly in your favourite text editor.

Sharing directories

Quite a few examples of shared-directory configuration can be found in smb.conf.default. To use them, make the corresponding changes in smb.conf (uncommenting the relevant lines) and then restart the Samba server:

# /usr/local/etc/rc.d/samba.sh stop
# /usr/local/etc/rc.d/samba.sh start

Samba can also be restarted through the SWAT web interface.

To offer a directory for shared use, define it as a share:

[public]
comment = Общие файлы
path = /usr/local/share/samba-public
public = yes
writeable = yes
printable = no
write list = @users

With these lines in place, a client will see the share public of your computer in its network neighbourhood. However, until the user has been authenticated and is a member of the Unix group users, the files of the share will be available to that user read-only.

By default the share [homes] is defined and enabled. It is a special built-in share that gives access to the home directory of every user defined on the Samba server:

[homes]
comment = Домашние каталоги
browseable = no
writeable = yes

This share is set as not browsable, but if a client connects as a user who has a home directory on the Samba server, that directory appears as one of the available shares. The home directories of other users will not be visible.


Shared printing

Like [homes], [printers] is a special share that differs slightly from the others. In FreeBSD all printers defined in /etc/printcap are available to all users. By default the [printers] share is set up like this:

[printers]
comment = Samba-принтер
path = /var/spool/samba
browseable = no
# set public = yes to allow the guest user to print
guest ok = no
writeable = no
printable = yes

Access control

Samba has two popular ways of controlling access: at the user level and at the share level. Standard access control works at the user level and is set with the security option in smb.conf:

security = user

With this kind of access control, the client presents a user name and password pair to the server when the connection is opened. If the server accepts the client, all shares become available to it.

With share-level access control, a client can connect to the Samba server without any authentication. A client can be refused access only if its IP address is not listed in smb.conf (in the hosts allow line). With this method the client can freely obtain only those shares marked with the parameter public=yes, while users' home directories remain protected by user name and password as before.

Details on securing shares can be found in the documentation file /usr/local/share/doc/samba/textdocs/security_level.txt.
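To see at a glance which shares a given smb.conf opens to guests, the file can be audited. The following is an added example, not code from the article or from Samba: it folds the synonym spellings documented in smb.conf(5) (public and guest ok; writeable, writable and the inverted read only) into one form and reports guest exposure per share. The sample file is constructed from the shares shown above, and the function names are hypothetical.

```python
# Constructed sample built from the share definitions shown in the article.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = MY_WORKGROUP
   security = user
   hosts allow = 192.168.0. 127.

[homes]
   browseable = no
   writeable = yes

[public]
   path = /usr/local/share/samba-public
   public = yes
   writeable = yes
   printable = no
   write list = @users

[printers]
   path = /var/spool/samba
   browse able = no
   # set public = yes to allow the guest user to print
   guest ok = no
   writeable = no
   printable = yes
"""

YES = {"yes", "true", "1"}
# Spelling (lower case, spaces removed) -> (canonical parameter, inverted?)
BOOLEAN_SYNONYMS = {
    "guestok": ("guest ok", False),
    "public": ("guest ok", False),
    "readonly": ("read only", False),
    "writeable": ("read only", True),
    "writable": ("read only", True),
    "browseable": ("browseable", False),
    "browsable": ("browseable", False),
    "printable": ("printable", False),
}
# Samba's defaults for these parameters when a share does not set them.
DEFAULTS = {"guest ok": False, "read only": True,
            "browseable": True, "printable": False}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with boolean synonyms folded."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = "".join(key.lower().split())       # names ignore case and spaces
        value = value.strip()
        if key in BOOLEAN_SYNONYMS:
            canonical, inverted = BOOLEAN_SYNONYMS[key]
            current[canonical] = (value.lower() in YES) != inverted
        else:
            current[key] = value
    return sections


def audit_shares(text):
    """Summarise guest exposure for every share in an smb.conf text."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    report = {"security": glob.get("security", "user").lower(),
              "hosts_allow": glob.get("hostsallow", "").split(),
              "shares": {}}
    for name, params in conf.items():
        if name == "global":
            continue
        # A value set in [global] acts as the default for every share.
        share = {p: params.get(p, glob.get(p, d)) for p, d in DEFAULTS.items()}
        share["write list"] = params.get("writelist", "").replace(",", " ").split()
        notes = []
        if share["guest ok"]:
            notes.append("guests admitted")
            if not share["read only"]:
                notes.append("guest ok combined with read only = no")
        if report["security"] == "share" and not report["hosts_allow"]:
            notes.append("share-level security without hosts allow")
        share["notes"] = notes
        report["shares"][name] = share
    return report


if __name__ == "__main__":
    result = audit_shares(SAMPLE_SMB_CONF)
    print("security =", result["security"], "hosts allow =", result["hosts_allow"])
    for share_name, info in result["shares"].items():
        print(share_name, "->", "; ".join(info["notes"]) or "no guest access")
```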

The guest user

For some Samba services, printing in particular, it makes sense to grant access to any user regardless of authentication. This is done with a so-called guest account, for a user who needs access to only one specific service. Assigning guest users is recommended mainly for Samba servers that use share-level security, since guest access to each share is granted or denied separately.

To allow such a user to work, uncomment the guest account line in smb.conf:

guest account = pcguest

Now add the pcguest account to the system with the adduser command.

The smbfs file system

File sharing over the SMB protocol can work in both directions. Remote SMB shares can be mounted just like any other file system. This is done with the smbfs file system, available among the ported applications in the directory /usr/ports/net/smbfs.

To mount an SMB file system with smbfs, use the mount_smbfs command with a few simple options. The -I option gives the host name or IP address, and the two remaining arguments are the name of the remote share (in the format //user@<NETBIOS name>/<share name>) and the local mount point. The -E switch, which specifies the character encoding (for example koi8-ru:cp866), is also useful. To mount the share public from the Windows machine office on the directory /mnt/public, the command looks like this:

# mount_smbfs -I 192.168.0.13 //guest@office/public /mnt/public

You will be asked for a password. Use an empty password if the share is open to everyone, or enter the appropriate password if the share is protected.

As in the earlier examples, an SMB share can be added to /etc/fstab with the following line:

//guest@office/public /smb/public smbfs rw,noauto 0 0

The script /usr/local/etc/rc.d/smbfs.sh will mount this share when FreeBSD boots.

Windows onto the network

An even simpler way to reach the resources of a Windows network is to use the facilities of the GNOME or KDE desktops. These graphical environments already have a built-in Samba client. All that remains is to type a line like this into the file manager's address bar:

smb://resource_name

In the window that appears you need to enter the user name, password and Windows domain. If there are no restrictions on access to the resource, the user name should be guest and the other fields can be left empty. The Nautilus 2.6.1 file manager displays Russian file and folder names perfectly. However, this method also has a drawback: the resource is not mounted directly into the FreeBSD file system. So for applications to be able to open files from network resources, the files first have to be copied to the local computer. It should also be mentioned that Konqueror, the standard browser of the KDE graphical environment, has an analogue of Network Neighbourhood: Lan Browser. For it to work, the LISa daemon must additionally be installed and configured. The source code and more detail on configuring the daemon are available on the project page, http://lisa-home.sourceforge.net.

As you can see, working with network resources in FreeBSD is very easy. Whether it is NFS, specific to Unix-like systems, or a Windows network, in either case the simple configuration methods and the large amount of reference information will help you make the system even more convenient and easier to use.

■ ■ ■ Aleksandr Solovkov

INSTALLATION AND CONFIGURATION / Setting up DNS

The server naming system

The global Internet is divided into domains, each of which serves different groups of users. These domains are managed by means of a DNS server known as a root name server. Such servers exist at every level of the network, and the chain ends with the local DNS server.

When an address is typed in, the local DNS server looks through its database and caches the required information. If the database does not contain the IP address, the server passes the query to a root name server, which returns the address of the appropriate name server. The local DNS server in turn queries that name server for the address of the server at the next level, and the process is then repeated. For example, if you want to visit the site http://www.mail.ru, your DNS server asks the server for the .ru domain for the address of the name server for mail in that domain. The local DNS server then uses the address obtained from this query to ask the mail.ru server for the address of the host.

DNS (Domain Name Service) is part of the TCP/IP family of protocols and utilities (the word "domain" in the name of the protocol refers to domains on the Internet, not to the NT domain model). There are many versions of DNS servers, running on different operating systems. This article looks at a version built on Unix.

The domain name space is implemented as a distributed database that includes DNS servers and DNS clients (resolvers), united by a common protocol for querying the database and for exchanging information between servers. Information indexed by domain name is stored in resource records (RR). A resource record has a class (at present Internet records, IN, are used), a record type (which determines the nature of the information stored) and the information itself. In particular, for each resource the maximum permitted time for caching the information obtained, the TTL (Time To Live), is stored. The collection of resource records that share the same domain name, class and type is called a resource record set (RRset).

The main type of information stored is IP addresses. Several IP addresses may correspond to one domain name (several network interfaces on a computer); several names (synonyms) may correspond to one address. The order in which records are returned in response to a query need not match the order of the records in the zone description.

An authoritative server holds complete information about a particular zone. The addresses of a zone's authoritative servers (those of the domain enclosing the zone) are given in the information about the parent domain. Authoritative servers are divided into primary (primary master) and secondary (secondary master, slave). The former loads the zone data from a local source (usually a file). The latter obtains the zone data from another authoritative server (usually, though not necessarily, from the primary server). This process is called a zone transfer. If the source authoritative server is unavailable, the secondary can load the zone from a backup copy prudently saved in a file.

Having several authoritative servers makes it possible to share the load and provides protection against failure. A DNS server (process) may be authoritative for several zones at once, or for none (a caching server). It may be primary for some zones and secondary for others. An authoritative server that is listed in the parent domain (when the zone is delegated) but is not described in the record of the zone itself is called a stealth authoritative server. A primary server may also be hidden (hidden primary). This arrangement is used when the primary server sits behind a firewall. A misconfiguration in which an authoritative server listed in the parent domain (when the zone is delegated) refuses to acknowledge itself as authoritative is called a lame delegation (lame servers).


The simplest name server

For a long time the most popular means of resolving computer names and IP addresses on the Internet has been the BIND code. The Internet Software Consortium (ISC) develops and maintains the source code, which can be obtained free of charge from ftp://ftp.isc.org. There are three branches in all: BIND 4, BIND 8 and BIND 9 (although some time ago ISC stopped supporting the first of them). Among the latest versions are BIND 4.9.8, BIND 8.3.3 and BIND 9.2.3.

A caching DNS server serves to remember queries that go out to the global network. This considerably reduces the time spent waiting for a reply to the next query, especially if the connection is slow or the internal network is large. For example, user 1 sends a query to determine the IP address of the host www.mail.ru. In this case the caching DNS server determines the address using the algorithm described above and remembers it. Some time later user 2 also sends a query for the same IP address; now, instead of repeating the algorithm, the DNS server simply takes the record from its cache, which greatly reduces the load on the internal and external network as well as on other servers.
Cnanaua Hy>KHO ycianoBMib cepaep: 

# cd /usr/ports/dns/bind9; 

(ycTanaBjiMBaeM vis nopiOB) 

# make && make install 

flauee Hy>KHO cooiBeiCTByioiAMM o6pa30M 
OTpeAaKTMpoaaTb cfiaMu named. conf, pacnoua- 
raioiAMMC5i a Kaiauore /etc/namedb: 

options {
        directory "/var/named";   // working directory with the configuration files
        // query-source port 53;  // uncomment this to work through a firewall
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "zone/127.0.0";
};

The file named /var/named/root.hints must be in the specified directory. It describes the names of the root name servers around the world. Their list changes from time to time; it can be updated with the dig program.

The next section in named.conf is the reverse zone. Simply create a file named 127.0.0 in the zone subdirectory:

@       IN SOA  ns.myname.ru. hostmaster.ns.myname.ru. (
                1       ; Serial
                8H      ; Refresh
                2H      ; Retry
                1W      ; Expire
                1D )    ; Minimum TTL
        IN NS   ns.myname.ru.
1       IN PTR  localhost.

Now the /etc/resolv.conf file needs to look like this:

search name.myname.ru myname.ru
nameserver 127.0.0.1

Next, start named:

# named

The logs (/var/log/messages) should contain something like the following:

# tail -f /var/log/messages
May 15 13:26:17 myname named[456]: Ready to answer queries

With that, the configuration of a simple DNS server can be considered complete.

Configuring a primary DNS server

Anyone can register a domain of their own on the Internet, and even more than one. Wherever you live, you can go to the nearest ISP office and, for $20 a year, use its domain name registration service. After that you will ask yourself how to make the domain fully functional on the Internet. There are two ways: you can ask the organization where the domain was registered, or any organization that provides such services, to support and host the domain; or you can host the domain on your own technical site (this requires a leased line to the Internet and a separate computer with an operating system installed, in our case FreeBSD).

Let us assume that all the requirements for supporting the domain yourself have been met. You need to choose a version of BIND (at the moment the stable version is BIND-9.2.3). It can be found here: ftp://ftp.isc.org/isc/bind9/9.2.3/bind-9.2.3.tar.gz. Unpack the downloaded file (# tar -zxvf bind-9.2.3.tar.gz) and proceed to configuration (# ./configure --prefix=/usr/local/named, where the prefix is the installation directory). The --with-openssl option is used if you apply cryptographic methods of data encryption. You can also use additional options, which are listed by the command # ./configure --help. Then run # make ; make install. Once again we edit the named.conf file, but the syntax will differ from the previous one:

options {
        directory "/var/named";   // working directory with the configuration files
        // query-source port 53;  // uncomment this to work through a firewall
};

zone "." {
        type hint;
        file "root.hints";
};

zone "myname.ru" {
        type master;
        file "zone/myname.dns";
};

zone "85.85.85.in-addr.arpa" {
        type master;
        file "zone/85.85.85";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "zone/127.0.0";
};

Next, edit the zone file (let us call it /etc/namedb/zone/myname.dns):

@       IN SOA  ns.myname.ru. (             ; authoritative server
                hostmaster.ns.myname.ru.    ; administrator's e-mail address
                2004011501      ; version number
                8H              ; zone refresh interval
                2H              ; zone refresh retry interval
                1W              ; authority expiry interval
                1D )            ; TTL
        IN NS   ns.myname.ru.
        IN NS   ns.server.ru.   ; secondary DNS server, which must be
                                ; located in a different class C network
        IN MX   10 smtp.myname.ru.      ; mail server; the number 10
                                        ; indicates its priority
        IN MX   20 smtp1.myname.ru.     ; auxiliary mail server
myname.ru.      IN A    85.85.85.121    ; IP address of the host named myname.ru
www     IN A    85.85.85.129    ; IP address of the web server
ftp     IN CNAME        www

The next step is to edit the file zone/85.85.85. This is the so-called reverse zone file (it is used to convert names to IP addresses).

@       IN SOA  ns.myname.ru. hostmaster.ns.myname.ru. (
                2004011501      ; version number
                8H              ; zone refresh interval
                2H              ; zone refresh retry interval
                1W              ; authority expiry interval
                1D )            ; Minimum TTL
        IN NS   ns.myname.ru.
121     IN PTR  myname.ru.
129     IN PTR  www.myname.ru.


PTR is the domain name for the corresponding IP address (in this case only the last octet is written). The in-addr.arpa domain is used to look up domain names by IP address. Its subdomains are domains with simple names from 0 to 255, corresponding to the most significant octet of the IP address. Their subdomains are domains with simple names from 0 to 255, corresponding to the second octet of the IP address, and so on, down to the fourth octet. The IP address thus ends up written in the domain name in reverse order. For example, the address 195.161.72.28 corresponds to the domain name 28.72.161.195.in-addr.arpa. (and the PTR value is deol.deol.ru). Reverse notation is needed to make it easier to delegate zones in line with the allocation of IP addresses.

The top-level zones in the in-addr.arpa. domain are delegated by IANA to the regional registries (RIR, Regional Internet Registry) together with blocks of IP addresses. Mapping addresses to names can be mandatory for some Internet services to work: no mapping, no service. In our case we create the domain for an entire class C network (85.85.85.0/24).

With that, the configuration of the primary DNS server is finished. Start named and look at the logs.

Configuring a secondary DNS server

Configuring a DNS server of this type comes down to editing the named.conf file, which describes the zone for which we are setting this server up as a secondary:

zone "myname2.ru" {
        type slave;
        file "zone/myname2.dns";
        masters { <IP address of the primary DNS server>; };
};

After this, restart named. It creates the myname2.dns file automatically.

Protecting the DNS server

By default a DNS server performs queries recursively. From a security point of view this can cause some problems. On receiving a name resolution request from a client or another DNS server (for example, when the IP address of the server www.exampleco.com has to be found), the DNS server checks its local name cache. If that fails, it tries to obtain the necessary information from other servers. If the server receives false or unreliable information, it will still be passed on to the client that asked for it. In the same way, if a DNS server maintains a domain's name space for access from the Internet and answers queries arriving from there, any computer with network access can use this server's resources to query other domains.

It is recommended to add to the options section of named.conf a special statement listing the users who are entitled to make recursive queries.

options {
        allow-recursion {
                85.85.85.0/24;
        };
};

In this example, computers on the internal network in the address range 85.85.85.0/24 can use the DNS server to resolve Internet names. A number of the DNS server's recursive functions should also be switched off:

options {
        recursion no;     // A
        fetch-glue no;    // B
};

Label "A" marks the statement that forbids the local DNS server from using other servers to resolve names. Label "B" marks the statement that forbids the local DNS server from acting as a relay for other parties' requests to resolve the names in Name Server (NS) records. At the same time, switching off the recursive functions of an Internet-facing BIND DNS server means that internal DNS servers and users will not be able to resolve Internet names through this server.

For security, many organizations try to hide their internal network infrastructure. This applies especially to the names of computers on the local network and their IP addresses, which are held in the DNS servers' database. At the same time, the DNS service has to resolve the names of external Internet servers (for example, mail and web servers). The method that divides the DNS service into an external and an internal part is called split DNS.

Split DNS is based on a new feature of the ninth version of BIND that allows the internal and the external DNS to be placed on one computer. Suppose a company maintains an internal domain myname.local (containing the names of internal computers and their IP addresses) and an external one, myname.ru (which has a separate zone file containing the names of external computers and their IP addresses). An ordinary DNS server could use only one zone file for the myname.ru domain. BIND 9 lets a single DNS server work with several zone files for one and the same domain name. Such a server can tell internal clients from external ones by their IP addresses and use the appropriate zone files for its answers.


view "internal-exampleco" {
        match-clients { 192.168.1.0/24; };      // A: addresses of the internal network
        zone "myname.local" {
                type master;
                file "zone/myname.local.dns";
        };
};

view "external-exampleco" {
        match-clients { any; };                 // B
        zone "myname.ru" {
                type master;
                file "zone/myname.dns";
        };
};

This sample section of named.conf defines the internal and external zone files of the myname domain for a BIND 9 server. The DNS server handles client queries in the order in which the configuration statements are placed in the view section. So when adding a new statement to it, pay attention to the position it occupies relative to the other statements. The first statement refers to the internal domain, the second to the external one.


Reference information

Mysterious abbreviations

SOA: there can be only one such record. A zone description must begin with a record of this type, which defines the following for the given domain:

► the primary authoritative server (primary master);

► the e-mail address of the person responsible for the zone (the @ in the mail address is replaced by a dot, and a dot is added at the end);

► the version number (32 bits; it must be increased on every change; it is used by a secondary authoritative server to check whether the zone needs updating; by convention it is written as the date plus the number of the change made that day, in the format YYYYMMDDNN, for example 2004011501);

► the zone refresh interval (in seconds) for secondary authoritative servers;

► the zone refresh retry interval (in seconds) after a failed refresh;

► the authority expiry interval for secondary authoritative servers after a failed refresh (in seconds);

► TTL: before RFC 2308, the minimum TTL for the zone's resources (and also the default value); after it, the lifetime of negative caching (no more than three hours).

NS: the domain name of an authoritative server for the given domain; there must be several servers (including the one given in the SOA). The name does not have to lie in the same domain.

A: the IP address for the given domain name.

CNAME: the canonical domain name for the alias being defined; the alias domain name must not have any other resource records; aliases must not be used in the data of any other resources.


The zone file of the internal domain is called myname.local.dns, and the zone file of the external domain is myname.dns. As soon as the DNS server receives a query, it first tries to determine whether the client's IP address falls within the range marked in the view section with identifier A. If it does, the DNS server considers the query to have come from the internal network and returns an answer based on the data of the internal domain. If not, the DNS server determines whether the client's IP address falls within the range marked with identifier B. In our example identifier B contains a condition with the keyword "any", so the server returns an answer with information about the external domain to any client whose IP address is not in the list of internal addresses.

To use this feature, the BIND 9 server has to be placed on a computer that is reachable by clients of both the internal and the external network. Such a computer can serve as a firewall between the Internet and the intranet, or as a server in the DMZ. A good DMZ has both an internal and an external firewall. The internal firewall opens outgoing UDP port 53 for DNS queries from the internal network, and the external firewall opens incoming UDP port 53 for queries.

To secure DNS servers, a few more additions can be made to the BIND settings, allowing the internal BIND server to answer only those queries that come from the specified IP addresses:

options {
        allow-query {
                192.168.1.0/24;
        };
};

In this example the server processes queries only from clients on the 192.168.1.0/24 network.

As for the external DNS server, restricting it by IP address is very difficult, because it is impossible to say in advance which clients will contact the server. On the other hand, in named.conf it is very easy to deny access to those clients and servers that are clearly dangerous (meaning that their IP addresses are known). For example, if it is known that someone is trying to attack the DNS server from the 172.36.0.0/16 network, a blackhole statement can be added to the configuration file to forbid queries from that network:

options {
        blackhole {
                172.36.0.0/16;
        };
};

In the options section of named.conf, only specific DNS servers (for example, the secondary DNS servers with the addresses 85.85.85.100 and 198.168.1.100) are allowed to copy zone information from the given DNS server (for example, the primary).

options {
        allow-transfer {
                192.168.10.10; 192.168.11.10;
        };
};
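The sketch below is an added example, not code from the article or from BIND: it models how the view order and the allow-recursion, blackhole and allow-transfer lists described above decide what a given client address gets. Combining the article's separate fragments into one policy, and the names in_acl, select_view and decide, are assumptions made for illustration.

```python
import ipaddress

# Constructed policy that merges the article's separate named.conf fragments
# into one server (an assumption; the article shows them one at a time).
BLACKHOLE = ["172.36.0.0/16"]
ALLOW_RECURSION = ["85.85.85.0/24"]
ALLOW_TRANSFER = ["192.168.10.10", "192.168.11.10"]
# Views are tried top to bottom; the first match-clients hit wins.
VIEWS = [
    ("internal-exampleco", ["192.168.1.0/24"], "myname.local"),
    ("external-exampleco", ["any"], "myname.ru"),
]


def in_acl(client, acl):
    """Return True if the client address matches any entry of an address list."""
    addr = ipaddress.ip_address(client)
    for entry in acl:
        if entry == "any":
            return True
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def select_view(client, views=VIEWS):
    """Return (view name, zone) of the first view whose client list matches."""
    for name, match_clients, zone in views:
        if in_acl(client, match_clients):
            return name, zone
    return None


def decide(client, want_recursion=False, want_transfer=False):
    """Model the server's decision for one request from `client`."""
    if in_acl(client, BLACKHOLE):
        return {"action": "drop"}            # blackholed: no answer at all
    view = select_view(client)
    if view is None:
        return {"action": "refuse"}
    return {
        "action": "answer",
        "view": view[0],
        "zone": view[1],
        # Recursion and zone transfer are granted only to listed addresses.
        "recursion": want_recursion and in_acl(client, ALLOW_RECURSION),
        "transfer": want_transfer and in_acl(client, ALLOW_TRANSFER),
    }


if __name__ == "__main__":
    for ip in ("192.168.1.7", "203.0.113.9", "172.36.4.4", "85.85.85.10"):
        print(ip, decide(ip, want_recursion=True))
    # Putting the catch-all view first would hide the internal view entirely.
    print(select_view("192.168.1.7", list(reversed(VIEWS))))
```

Reversing the view list in the last call shows why the order matters: with the "any" view first, an internal client is answered from the external zone data.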

Next we look at the auxiliary programs and utilities for checking that the DNS server works and is configured correctly. The utilities dig and nslookup, which are needed for exploring the domain name space, are supplied together with the server.

The dig utility lets you create root.hints files of the specified type for the specified domain name in zone-file format: # dig @(name of the DNS server) > root.hints. By default it uses the server described in the configuration of the client library. Domain names are treated as absolute. List of dig lookup options:

► b: the source IP address of the query;

► c: the record class;

► f: a file name (the list of queries is read from the file, one query per line);

► k: a file name (the key file for signing the query and the response with TSIG);

► p: the server port;

► t: the record type (default: A, unless the x switch is given);

► x: addr (query for a name by IP address);

► y: key_name:key (explicit specification of the key for signing the query and the response with TSIG).

The nslookup utility has been declared obsolete and nags about this every time it is started (it does not even come with documentation, and the "Help" command and some others are missing). Invocation format:

nslookup [-switches] domain_name [server_to_query]

If the domain name and the server name are omitted, or a minus sign is used in place of the domain name, the utility switches to interactive mode. Interactive mode is left with the "Exit" command or by pressing "^D" (end of input). On "^C" (program interrupt) the utility aborts the current operation and returns to interactive mode. The following commands are provided (parameter names may be abbreviated):

► domain_name: look up a record of the currently set class and type;

► set all: show the current values of all parameters;

► set [no]parameter: set the value of a switch;

► set parameter=value: set the value of a parameter;

► type=record-type (default: A for a name and PTR for an address; the pseudo-types AXFR and ANY can also be used);

► class=class-name (default: IN);

► timeout=seconds;

► retry=number-of-attempts (default: 2);

► domain=local-domain-name (by default taken from /etc/resolv.conf);

► server server_to_query: use the specified server for subsequent queries; the server's address is determined using the current server;

► ls [-d] zone-name: transfer the whole zone; -d is a synonym for -t ANY.

The value of a parameter or switch can be set with a command-line switch (a minus sign before the parameter name) or in the configuration file ~/.nslookuprc (which may contain "set" commands, one per line).

Finally, it should be noted that you should try to use the very latest version of BIND, keep a constant watch for published reports of discovered bugs, apply patches and, accordingly, update to the newest versions in good time.

■ ■ ■ Maksim Sukhomlin


The automatic administrator

Dynamic configuration

Any company may find itself in a situation where, on moving from one provider to another, the range of IP addresses in use changes. The procedure for configuring it is monotonous and dull, so it is no surprise that attempts were made to automate it.


At present there are several protocols for obtaining the settings of network services. One of them, the most popular and flexible, is DHCP, and that is what we will discuss. Using this technology reduces the amount of work an administrator has to do when maintaining a large network, because it removes the need to enter numerous configuration parameters by hand when the operating system is reinstalled on a client computer or, for example, after the addressing scheme has changed. The use of DHCP is not limited to handing out IP address settings. It can also be used to pass on the address of a proxy server, NetBIOS settings, and so on.


How it works

Let us look at how the protocol works, using a client obtaining an IP address as an example. As is well known, clients are identified in operation by their MAC address (Media Access Control address, the hardware address of the network adapter). For Ethernet networks this address is 6 bytes long and is unique to each adapter. The protocol uses UDP, ports 67 and 68. An address is obtained as follows:

► At start-up the client sends a broadcast DHCPDISCOVER message.

► The servers available on the network answer the client by sending a DHCPOFFER message containing the offered IP address.

[Figure: a client obtaining an IP address from a DHCP server. Message sequence: DHCPDISCOVER, DHCPOFFER (Server id=1, Server id=2), DHCPREQUEST (Server id=2), DHCPACK, DHCPRELEASE.]

[Figure: configuring ISC DHCPd using a small network as an example. Labels: accounting segment, server segment.]


► On the basis of the offers received, the client chooses the server from which it will go on to obtain its settings, and sends a broadcast DHCPREQUEST packet containing the identifier of that DHCP server.

► A server that receives the packet either learns that the client has declined its offer (if the server ID in the packet does not match this server's ID), or saves the binding of the client ID (as a rule, the MAC address) to disk and answers with a DHCPACK message containing all the settings this client needs.

► When shutting down, the client sends the server a DHCPRELEASE message; the server then removes the binding of the issued IP address to this client.

It is important to bear in mind that the DHCP server issues IP addresses only for a certain time (the lease time). Two timers, T1 and T2, are maintained. When the first one expires (it is usually equal to about half of the allotted time), the client tries to contact the DHCP server from which it received its configuration and sends it a DHCPREQUEST message. The procedure described above is repeated, and the client reinitializes T1 and T2.

If no message with settings has arrived from the server before T2 expires (by default this is 0.875 of the total time), the client sends DHCPREQUEST again and, after receiving a DHCPACK from any other server, carries on working with the new IP address (which may be the same as the old one). If no server answers, the client keeps sending the request regularly, but no more often than once a minute. When the time allotted by the second timer runs out, the client must stop all its network activity and begin the address acquisition procedure again, starting from the first step.

The service is confined to its own subnet, and to use one DHCP server in several segments the router must have the function for routing DHCP/BOOTP requests enabled (BOOTP relay agent). In that case broadcast DHCP requests will be relayed to the specified DHCP server. On routers from Cisco Systems this can be done with the commands ip forward-protocol udp (in global configuration) and ip helper-address (in interface configuration). Many Cisco devices can themselves act as a DHCP server (the ip dhcp command is used for this).

When using a router built on a Unix-like OS, you can run the dhcrelay command from the ISC DHCPd package (http://www.isc.org/products/DHCP) on the router itself (or on any other machine) in the required network segment. The advantage of running the agent is that it only has to be configured once, since it is already present in all or several of the segments.

From theory to practice

To conclude, let us look at configuring ISC DHCPd, using as an example the small network of a company that develops web sites.

Suppose there are three segments connected to each other by a router. One of them contains the accounting machines, another the workstations of the web designers and programmers, and the third the organization's server, which runs Samba and DNS. The router's operating system is FreeBSD. The accountants have the subnet 10.1.0.0/255.255.255.0 with the router address 10.1.0.1, configured on interface rl0; the designers and programmers have 10.2.0.0/255.255.255.0, 10.2.0.1, rl1; the server has 10.3.0.0/255.255.255.0, 10.3.0.1, rl2; the server's IP address is 10.3.0.3. There is a single server and it has a static IP address, so its subnet will not be served by the DHCP server. The accounting subnet contains only two workstations. The third subnet contains several workstations of programmers and designers and a web server for testing (sometimes the boss's laptop is plugged in here as well).

It is best to run the DHCP server directly on the router, since the router is present in all network segments at once and this removes the need to configure dhcrelay. For the job we choose the ISC DHCPd package, version 3.0. On FreeBSD this server from ISC (Internet Software Consortium) is the one most often used. It is not part of the standard distribution, however, so it first has to be installed from the ports collection. The path to the package's port is /usr/ports/net/isc-dhcp3-server. The server's main configuration file is /usr/local/etc/dhcpd.conf. When the server is installed, a sample configuration file, dhcpd.conf.sample, is copied into the same directory. You can rename and edit it or create a new file. So, let us begin. By default the lease time will be 12 hours, which gives the administrator time to get to the office and fix everything if something suddenly happens to the DHCP server.

default-lease-time 43200;

Limit the maximum time for which a client can reserve an IP address to five days.

max-lease-time 432000;

All machines on the network use WINS, provided by the Samba running on the server; they all use a single DNS server and are in the myorg.ru domain:

option netbios-name-servers 10.3.0.3;
option domain-name-servers 10.3.0.3;
option domain-name "myorg.ru";

Declare the accounting subnet:

subnet 10.1.0.0 netmask 255.255.255.0 {
        range 10.1.0.2 10.1.0.10;
        option routers 10.1.0.1;
}

# Declare the subnet of the programmers and designers:
subnet 10.2.0.0 netmask 255.255.255.0 {
        option routers 10.2.0.1;

        # For "guest" computers, set aside a sub-range and shorten the lease time:
        pool {
                range 10.2.0.200 10.2.0.254;
                default-lease-time 300;
                max-lease-time 600;
                allow unknown-clients;
        }

        # Workstations should preferably have a permanent IP address, since this,
        # for example, makes the web server logs easier to analyse. Clients not
        # mentioned in the host {} declarations below will not be given
        # addresses from the range 10.2.0.10 - 10.2.0.199.
        pool {
                range 10.2.0.10 10.2.0.199;
                default-lease-time 43200;
                deny unknown-clients;
        }
}

group developers {
        # Clients will get their host names from the DHCP server; the name is
        # taken from host hostname { .. }
        use-host-decl-names on;

        host design1 {
                # Clients are identified by the MAC address of the network adapter:
                hardware ethernet 00:01:02:03:04:05;
        }

        host design2 {
                hardware ethernet 00:00:00:00:00:02;
        }

        host dev1 {
                hardware ethernet 00:00:00:00:00:03;
        }

        host dev2 {
                hardware ethernet 00:00:00:00:00:04;
                # A service that other applications work with is installed on dev2,
                # so this computer must always be given the same IP address.
                fixed-address 10.2.0.20;
        }
}
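To make the exchange and the pool rules concrete, here is an added sketch (not code from the article or from ISC DHCPd) that replays DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK against the 10.2.0.0/24 configuration above and derives T1 and T2 from the lease. The class and function names are assumptions, and the sketch always hands out the lowest free address, which is a simplification rather than the real server's selection order.

```python
import ipaddress

DEFAULT_LEASE = 43200                       # global default-lease-time
HOSTS = {                                   # host declarations: MAC -> settings
    "00:01:02:03:04:05": {"name": "design1"},
    "00:00:00:00:00:02": {"name": "design2"},
    "00:00:00:00:00:03": {"name": "dev1"},
    "00:00:00:00:00:04": {"name": "dev2", "fixed": "10.2.0.20"},
}
POOLS = [                                   # the two pools of subnet 10.2.0.0/24
    {"first": "10.2.0.200", "last": "10.2.0.254", "lease": 300, "known": False},
    {"first": "10.2.0.10", "last": "10.2.0.199", "lease": 43200, "known": True},
]


class DhcpServer:
    def __init__(self):
        self.bindings = {}                  # ip -> (mac, lease): stored bindings
        self.reserved = {h["fixed"] for h in HOSTS.values() if "fixed" in h}

    def offer(self, mac):
        """Answer DHCPDISCOVER: return (ip, lease_seconds), or None if no offer."""
        mac = mac.lower()
        for ip, (owner, lease) in self.bindings.items():
            if owner == mac:                # renewal: keep the existing binding
                return ip, lease
        host = HOSTS.get(mac)
        if host and "fixed" in host:
            return host["fixed"], DEFAULT_LEASE
        for pool in POOLS:
            if pool["known"] != (host is not None):
                continue                    # allow / deny unknown-clients
            ip = ipaddress.ip_address(pool["first"])
            last = ipaddress.ip_address(pool["last"])
            while ip <= last:
                if str(ip) not in self.bindings and str(ip) not in self.reserved:
                    return str(ip), pool["lease"]
                ip += 1
        return None                         # pool exhausted

    def ack(self, mac, ip, lease):
        """Answer DHCPREQUEST: store the binding and confirm (DHCPACK)."""
        self.bindings[ip] = (mac.lower(), lease)

    def release(self, mac):
        """Handle DHCPRELEASE: remove the client's binding."""
        for ip in [i for i, (m, _) in self.bindings.items() if m == mac.lower()]:
            del self.bindings[ip]


def timers(lease):
    """T1 and T2 as given in the article: 0.5 and 0.875 of the lease time."""
    return int(lease * 0.5), int(lease * 0.875)


def obtain(server, mac):
    """Run the exchange for one client; return (message trace, result or None)."""
    trace = ["DHCPDISCOVER"]
    offered = server.offer(mac)
    if offered is None:
        return trace, None
    ip, lease = offered
    trace += ["DHCPOFFER", "DHCPREQUEST"]
    server.ack(mac, ip, lease)
    trace.append("DHCPACK")
    t1, t2 = timers(lease)
    return trace, {"ip": ip, "lease": lease, "t1": t1, "t2": t2}


if __name__ == "__main__":
    srv = DhcpServer()
    # The last MAC is a constructed "guest" that has no host declaration.
    for mac in ("00:00:00:00:00:04", "00:01:02:03:04:05", "aa:bb:cc:dd:ee:01"):
        print(mac, obtain(srv, mac))
```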

■ ■ ■ Konstantin Starodubtsev


Standards and organizations

History of origin

The DHCP dynamic configuration protocol (Dynamic Host Configuration Protocol) was created by one of the working groups of the IETF (Internet Engineering Task Force), a non-profit organization that defines and develops protocols for the Internet. It was based on the BOOTP boot protocol (Bootstrap Protocol) described in RFC 951 (http://www.ietf.org/rfc/rfc2131.txt). With BOOTP, a client can at boot time obtain the IP address assigned to it and learn the IP address of the server and the name of the file that has to be loaded and executed to boot the system. DHCP, which was described in RFC 2131 (http://www.ietf.org/rfc/rfc951.txt), differs from it in that it allows the information needed for configuration to be generated dynamically, existing addresses to be reallocated while the client is running, and various parameters to be obtained from one or several DHCP servers.



The Californian switchman

Shared Internet access

flocTyn B l/lHTepHei ceroAHfl cipeMmeAbHO AeiiJeseer. Bee naiAe Ha paa- 
AMHHbix cjDopyMax cnpaiiJMBaioT: «KaK CAe^aib rax, HTo6bi HecKOAbKO 
KOMnbtoTepoB y MeHfl AOMa mofam pa6oTaTb b HHTepHere nepea oaho 
noAKAtoHeHMe?» Ecah >Ke roBopmb o HopMa^bHOM cepeepe KpynHOM ao- 
KaAbHOM ceTM, 3TOT Bonpoc CTaHOBHTCfl 6ABa m He nepBOOHepeAHbiM. 


n^\ peiueHM5i nocTae/ieHHOM saAaHU mc- 
no;ib3yeTC5i NAT — Network Address 
TransLation. 3 tom c()yHKUMeM AO/i>KeH 
o6;iaAaTb MapiupyiMsaiop, BK/iioHaeMbiM Me>K- 
Ay BameM BHyipeHHeM ceibio m klHTepHeioM. 
MapiupyiMsaiop — aio cneuna/insupoBaH- 

HblM KOMnblOTep, OCHOBHbIM HaSHaHeHUeM KO- 

Toporo 5iB;i5ieTC5i Aa/ibHeMiua5i nepeAana npn- 
XOA511AMX Ha Hero IP-naKeiOB b Hy>KHOM na- 
npaB/ieHMM. HanpaB/ieHMe Bbi6MpaeTC5i mcxo- 
A51 M3 Ha6opa npaBM/i, Koiopbm Ha3biBaeTC5i 
«Ta6;iMAeM MapiupyTM3aAMM». Pa3;iMHaiOT 
«CTaTMHecKyio» m «AMHaMMHecKyio» Mapmpy- 
TM3auMio: B nepBOM c/iynae 3anMCM b Ta6;iMAe 
MeH5HOTC51 TO/lbKO aAMMHMCTpaiOpOM CMCTO- 
Mbl, a BO BTOpOM M3MeHeHM51 BHOC51TC51 BBTO- 

MaiMHecKM, cor/iacHO MHcj)opMauMM, npMiueA- 
meM OT ApyrMx MapiupyTMaaiopoB. 

/lfo6a5i pa6oia b cotm — 6yAb to npo- 
CMOip Be6-CTpaHMA, paaroBop no ICQ m;im 
HTOHM e noHTbi — npeACTaB/i5ieT co6om o6Men 


IP-naKeiaMM Me>KAy KOMnbfoiepoM K/iMenia m 
cepBepoM B l/lHiepHeie. Ka>KAbiM IP-naKei 
cocTOMT M3 3aro/iOBKa M no;i5i AaHHbix. B aa- 
ro/iOBKe ecTb Asa K/ifoneBbix no;i5i: aApec ot- 
npaBMTe/151 m aApec no/iyHaie/i^i, SRC IP m DST 
IP. NAT McnpaB/i5ieT b npoxoA^iiueM nepea 
MapiupyTMaaiop naKeie no/ie SRC IP laK, hto- 
6bi BMecTO aApeca K/iMOHicKoro KOMnbfoiepa 
B 3TOM no/ie 3HaHM/ic5i IP-aApec caMoro Map- 
mpyTMaaiopa, aanoMMHa^i npM 3 tom Bce napa- 
Meipbi McxoAHoro naKeia. TaKMM o6paaoM, 

KorAa OT cepBepa b l/lHTepneTe npMAOT otbot- 
HbiM naKOT, MapmpyTMaaTop CMO>KeT npoMaae- 
CTM o6paTHyfo aaMeny m AOCTaBMTb 3 tot naKOT 
K/iMeHTCKOMy KOMnbfOTepy. rioApo6Hee o NAT 
MO>KHO npOHMTaTb B pyKOBOACTBO M/IM B PTian- 
CTpaHMuax, Ha6paB KOMaHAy man natd. 
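The substitution and reverse substitution described above, as an added example (it is not code from the article or from natd). It goes one step beyond the text by also rewriting the source port, so that two clients using the same port stay distinguishable; the class and function names, the port range and the 203.0.113.x / 198.51.100.x addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

ROUTER_PUBLIC_IP = "12.34.45.56"  # external address from the article's rc.conf


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatTable:
    """Hypothetical model of source NAT; not natd's real data structures."""

    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port
        # flow as the client sees it -> public port chosen for it
        self.by_flow: Dict[Tuple[str, str, int, str, int], int] = {}
        # flow as the Internet server sees it -> original client address
        self.by_reply: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def translate_out(self, pkt: Packet) -> Packet:
        """LAN -> Internet: put the router's address into SRC IP and remember
        the original parameters so the reply can be routed back."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_reply[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: the reverse substitution. Returns None when no
        remembered flow matches, i.e. no LAN client asked for this packet."""
        if pkt.dst_ip != self.public_ip:
            return None
        owner = self.by_reply.get(
            (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if owner is None:
            return None
        return replace(pkt, dst_ip=owner[0], dst_port=owner[1])


def demo():
    """Two LAN clients (constructed addresses) talk to the same web server."""
    nat = NatTable(ROUTER_PUBLIC_IP)
    a = Packet("192.168.232.2", 1025, "203.0.113.10", 80)
    b = Packet("192.168.232.3", 1025, "203.0.113.10", 80)  # same client port
    out_a, out_b = nat.translate_out(a), nat.translate_out(b)
    # The server answers the address and port it saw: the router's.
    reply_b = Packet("203.0.113.10", 80, ROUTER_PUBLIC_IP, out_b.src_port)
    # An unrelated host sends to the same public port without being asked.
    stray = Packet("198.51.100.7", 4444, ROUTER_PUBLIC_IP, out_b.src_port)
    return out_a, out_b, nat.translate_in(reply_b), nat.translate_in(stray)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

In this model a packet that matches no remembered flow is simply not handed to any LAN client; what a real router does with it next is decided by its firewall rules.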

FreeBSD is perhaps the ideal software router. The author used Linux for a long time, but after a series of experiments found that in this situation FreeBSD is faster and easier to install and configure and takes up less space, while working practically as well. When the system acts as a network router, its main drawback is a NAT that is less flexible than the one in Linux. In most cases, however, there is no need for fine-grained configuration of network address translation.

Below we look at configuring the OS to act purely as a router. If you want the same machine to handle mail and other functions as well, simply do not make the corresponding changes mentioned here to the configuration files.

Into the depths of the system

Since routing and NAT are standard components of the system, all of their settings live in the system configuration files. All adjustments are made in the file /etc/rc.conf (it overrides the system defaults described in /etc/defaults/rc.conf). Here is the approximate content of this file after the system has been installed:

# -- sysinstall generated deltas -- # Tue May 27 20:27:58 2004
# Created: Tue May 27 20:27:58 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
kern_securelevel_enable="NO"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
nfs_reserved_port_only="YES"
saver="daemon"
scrnmap="koi8-r2cp866"
sendmail_enable="YES"
sshd_enable="YES"

First of all, disable the automatic start of the sendmail mail server: the need for it on a router is highly doubtful. To do this, change the value of the sendmail_enable parameter from "YES" to "NO". After a reboot sendmail will still be started, but only on the internal network interface lo0 with the address 127.0.0.1. This is needed so that the operating system can send the administrator the reports about its operation that are generated automatically at set intervals.

Now you need to enter the IP addresses for both network cards installed in the computer. In FreeBSD, unlike Linux, the name of a network interface depends on the manufacturer of the network card. In our case these are the widespread Realtek cards. The operating system kernel detects such cards as the devices rl0, rl1 and so on.

On one card we set the IP address and subnet mask issued by the provider, and also specify the default gateway (12.34.45.1). On the other card we set a private address (an IP address from a range specially reserved for use in local networks), 192.168.232.1, with the subnet mask 255.255.255.0. This is done by adding the following lines to /etc/rc.conf with a text editor:

ifconfig_rl0="inet 12.34.45.56 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.232.1 netmask 255.255.255.0"
defaultrouter="12.34.45.1"

Then we specify the interface on which address translation is to be performed (usually the external interface) and enable the automatic start of NAT with the options we need:

natd_enable="YES"
natd_interface="rl0"
natd_flags="-u -s -m"

A short digression is in order here to explain how NAT is organized in FreeBSD in general. Unlike Linux, where network address translation is performed directly by the kernel, in FreeBSD it is performed in user space by a special daemon, natd. The natd_enable line is what turns on the start of natd at boot time and passes it, as parameters, the interface name from natd_interface and the switches from natd_flags.

For interaction between the operating system kernel and the natd program there is a special type of connection called Divert Sockets. The principle is simple: the firewall that is installed in the system by default forwards every packet arriving at the router to a Divert Socket, and natd reads the packets from it, processes them and sends them back.

Unfortunately, for an unknown reason this type of connection is disabled in the FreeBSD kernel that is installed by default. Enabling it requires rebuilding the operating system kernel (you can read how this is done in another article in this issue). In short, it can be done as follows (all commands are run as the root user):

cd /usr/src/sys/i386/conf
cp GENERIC MYKERN
echo "options IPDIVERT" >> MYKERN
# config(8) generates the build directory ../../compile/MYKERN
config MYKERN
cd ../../compile/MYKERN
make depend all install
reboot

Now your operating system supports everything that is needed, and you can move on to configuring the firewall.

Pros and cons of FreeBSD

Reliability and simplicity

+ Low hardware requirements: for normal operation, a CPU of the Pentium 166 class, 64 MB of RAM and 1 GB of free hard disk space are enough.

+ Easy to configure.

+ Reliable operation, especially under heavy load.

- Incomplete or missing support for the very latest hardware.


router# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            12.34.45.1         UGSc        4  7221547    rl0
12.34.45.0         ff:ff:ff:ff:ff:ff  UHLWb       1    95903    rl0 =>
12.34.45.0/24      link#1             UC          2        0    rl0
127.0.0.1          127.0.0.1          UH          1    36013    lo0
192.168.232        link#2             UC          1        0    rl1
router#

Table 1. Output of the netstat command


In the case of a simple router no special settings are required: it is enough to make the firewall completely open by adding the following two lines to /etc/rc.conf:

firewall_enable="YES"
firewall_type="open"

All that remains is to enter the server name in the configuration file and enable routing:

hostname="router"
gateway_enable="YES"
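A consistency check for the router settings collected so far, as an added example (not part of the article and not a FreeBSD tool). The sample text is constructed from the lines the article adds to /etc/rc.conf; the function names and the wording of the findings are assumptions, and an unset *_enable variable is treated as "NO".

```python
import ipaddress
import shlex

# Constructed sample: the settings the article adds to /etc/rc.conf.
SAMPLE_RC_CONF = """\
sendmail_enable="NO"
ifconfig_rl0="inet 12.34.45.56 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.232.1 netmask 255.255.255.0"
defaultrouter="12.34.45.1"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-u -s -m"
firewall_enable="YES"
firewall_type="open"
hostname="router"
gateway_enable="YES"
"""


def parse_rc_conf(text):
    """Return {name: value} for name="value" lines; a later line overrides."""
    settings = {}
    for line in text.splitlines():
        # shlex strips the quotes and drops '#' comments, like sh would.
        for token in shlex.split(line, comments=True):
            name, sep, value = token.partition("=")
            if sep and name.isidentifier():
                settings[name] = value
    return settings


def interfaces(settings):
    """Map interface name -> IPv4Interface, taken from ifconfig_<name>."""
    found = {}
    for name, value in settings.items():
        if not name.startswith("ifconfig_") or "_alias" in name:
            continue
        words = value.split()
        if "inet" not in words or "netmask" not in words:
            continue
        try:
            addr = words[words.index("inet") + 1]
            mask = words[words.index("netmask") + 1]
            found[name[len("ifconfig_"):]] = ipaddress.IPv4Interface(
                f"{addr}/{mask}")
        except (IndexError, ValueError):
            continue  # malformed entry: leave it out, the checks will notice
    return found


def check_router(settings):
    """Return a list of findings for a NAT router configured as in the text."""
    def on(key):
        return settings.get(key, "NO").upper() == "YES"

    findings = []
    ifs = interfaces(settings)
    if not on("gateway_enable"):
        findings.append("gateway_enable is not YES: no routing between interfaces")
    if on("natd_enable"):
        nat_if = settings.get("natd_interface", "")
        if nat_if not in ifs:
            findings.append(f"natd_interface '{nat_if}' has no ifconfig_ entry")
        elif ifs[nat_if].ip.is_private:
            findings.append(f"natd_interface {nat_if} has a private address; "
                            "translation belongs on the external interface")
        if not on("firewall_enable"):
            findings.append("natd_enable without firewall_enable: "
                            "nothing passes packets to natd")
    gateway = settings.get("defaultrouter")
    if gateway:
        try:
            reachable = any(ipaddress.ip_address(gateway) in i.network
                            for i in ifs.values())
        except ValueError:
            reachable = False
        if not reachable:
            findings.append("defaultrouter is not on a directly connected subnet")
    if settings.get("firewall_type") == "open":
        findings.append("firewall_type=open: the firewall passes all traffic")
    if on("sendmail_enable"):
        findings.append("sendmail_enable=YES: a mail server starts on the router")
    return findings


if __name__ == "__main__":
    for finding in check_router(parse_rc_conf(SAMPLE_RC_CONF)):
        print(finding)
```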

Now you can save the file and reboot the machine. After the reboot the router is fully ready for work, which can be verified with the ping program:

router# ping 12.34.45.1
PING 12.34.45.1 (12.34.45.1): 56 data bytes
64 bytes from 12.34.45.1: icmp_seq=0 ttl=58 time=42.992 ms
64 bytes from 12.34.45.1: icmp_seq=1 ttl=58 time=43.173 ms
64 bytes from 12.34.45.1: icmp_seq=2 ttl=58 time=44.291 ms
--- 12.34.45.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 42.992/43.485/44.291/0.574 ms
router#

As you can see, packets are flowing. But if problems do arise, diagnosis should begin with a look at the state of the network interfaces. This is done with the ifconfig command. Here is an approximate result of running it:

router# ifconfig -a
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 12.34.45.56 netmask 0xffffff00 broadcast 12.34.45.255
        ether 00:40:f4:60:9e:c2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.232.1 netmask 0xffffff00 broadcast 192.168.232.255
        ether 00:40:f4:60:9e:c3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
router#

The example shows that our router has three network interfaces (rl0, rl1 and the service interface lo0). We can also see which IP addresses are assigned to each interface and the state of the connection on each network card. If there is a problem with the cable, the status field will read no Link. It is also useful to look at the routing table with the netstat command, whose output is shown in Table 1.

Now the client computers can be configured (it is assumed that they run one of the operating systems of the Microsoft Windows family). It is enough to enter, in the network settings, addresses from the subnet 192.168.232.2-192.168.232.254 with the mask 255.255.255.0 and to specify 192.168.232.1 as the default gateway. Enter the DNS server given by your provider. Once all the necessary steps have been carried out on the client computers, Internet access should work. This can be checked with the ping command:

C:\>ping 12.34.45.1

Обмен пакетами с 12.34.45.1 по 32 байт:

Ответ от 12.34.45.1: число байт=32 время=16мс TTL=55
Ответ от 12.34.45.1: число байт=32 время<10мс TTL=55
Ответ от 12.34.45.1: число байт=32 время<10мс TTL=55
Ответ от 12.34.45.1: число байт=32 время<10мс TTL=55

Статистика Ping для 12.34.45.1:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0 (0% потерь),
Приблизительное время передачи и приема:
    наименьшее = 0 мс, наибольшее = 16 мс, среднее = 4 мс

The way out is open

As you have probably seen for yourself, setting up routing in FreeBSD is much simpler than, for example, in Windows Server 2003. Of course, as we have already said, this service is imperfect compared with Linux. However, taking the other advantages of FreeBSD into account, it is fair to say that you are unlikely to run into any problems (unless you set yourself the task of building some extremely complex network with machines running completely different operating systems). And if difficulties do arise, the help files will always come to your aid. Remember that there is no shame in consulting them, even for an experienced administrator. ■ ■ ■ Anton Noginov
# INSTALLATION AND CONFIGURATION / Web, FTP and Mail

Server Nirvana

Configuring the main services

The various servers that serve websites, transfer files over FTP, help people exchange text messages and so on usually run under Unix systems. And when a server OS has to meet a comprehensive set of requirements, the choice often falls on FreeBSD.

It is not always possible to set up many servers with a separate machine dedicated to each task. FreeBSD lets you run several servers on one PC. The main thing to remember in that case is that such a machine must have an adequate level of performance, despite the low hardware requirements of this OS. In this article we look at setting up the individual servers, but we also talk about how to organize the operation of all these services on one machine. Let us start with how a WWW server is configured.

A platform for sites

The web servers that exist for Unix platforms differ noticeably in functionality. Some are small but fast daemons; others are whole software packages that scale with the help of modules from third-party developers. When it comes to choosing a particular program, even newcomers to site building usually think first of Apache Web Server (http://httpd.apache.org). The history of this web server begins in 1995. Its developers constantly exchanged updates and patches, so the server was called A Patchy Server. Later this name turned into the modern, "warlike" Apache. Today it is one of the most widespread, flexible and reliable web servers. It is available on both Unix-like and Windows platforms and supports all kinds of PHP and CGI scripts. All this makes it possible to create cross-platform active web applications. There are two branches of this server: the 1.3 series (latest stable version 1.3.31) and the 2.0 series (latest version 2.0.48).

In this article we consider Apache 1.3. Although the syntax and the installation process for version 2.0.x differ slightly, for the most part they are similar to those of the 1.3.x versions.

The minimum computer configuration for running the server with default settings and the modules connected is a Pentium processor at 166 MHz, 64 MB of RAM and 50 MB of free hard disk space.

There are two types of Apache installation. The first is installation with DSO (Dynamic Shared Objects). In this case pluggable modules are loaded, as needed, into the memory allocated to the running server. On the one hand, this avoids the situation where a required module turns out to be missing at the moment it is needed; on the other hand, it consumes a lot of machine resources, which under heavy server load can even lead to a hang. The second, better-performing method is to build Apache with static modules, that is, with the set of modules needed for the tasks at hand. This method is harder to install and configure, but it is the one that hosting companies use most often, together with chroot and jail configurations. When installed from the ports collection, Apache is compiled with DSO as follows:

# cd /usr/ports/www/apache13
# make all install clean

Running the ls command in the /usr/ports/www directory shows a large number of additional modules for Apache. For example, if you want to protect the site's content with SSL encryption, you will need the mod_ssl module:

# cd /usr/ports/www/mod_ssl
# make all install

Similarly, the mod_php3 module provides PHP3 support, and so on. The configurator automatically makes the necessary changes to Apache's configuration file httpd.conf, which is located by default in the directory /usr/local/etc/apache. If you need to add modules to the configuration or remove them yourself, add lines of the following form to httpd.conf:

AddModule ../modules/your_module_name

When built from source by hand, Apache is compiled without DSO by default. To activate modules you need to specify build parameters:

--activate-module=path_to_the_module

Before that, however, the required modules have to be compiled and installed. For example, to build SSL into the Apache sources you will need the mod_ssl package already mentioned (ftp://ftp.cronyx.ru/pub/mirror/modssl/source), as well as the openssl-engine-0.9.7b package, which can be downloaded from http://www.openssl.org. Unpack and install the latter:

# tar -zxvf openssl-engine-0.9.7b.tar.gz
# cd openssl-engine-0.9.7b
# sh config no-idea no-threads -fPIC
# make
# make test

Now install mod_ssl:

# ./configure --with-apache=../apache_1.3.31 --with-ssl=../openssl-engine-0.9.7b --prefix=/usr/local/apache
# make
# make install

Dynamic sites often need PHP as well. Configure and install the mod_php module:

# ./configure --with-apache=../apache_1.3.31 --prefix=/usr/local/apache
# make
# make install

Do not forget to install the PHP module itself:

# tar -zxvf php-4.3.0.tar.gz
# cd php-4.3.0
# ./configure --prefix=/usr --with-apache=../apache_1.3.31
# make
# make install


Finally, install Apache itself with module support. The configuration line will look like this:

# ./configure --prefix=/usr/local/apache \
    --bindir=/usr/bin --sbindir=/usr/sbin \
    --sysconfdir=/usr/local/apache/conf \
    --logfiledir=/var/log/apache \
    --datadir=/usr/local/apache/data \
    --activate-module=src/modules/ssl/libssl.a --enable-module=ssl \
    --activate-module=src/modules/php4/libphp4.a --enable-module=php4

All the necessary changes will be made to httpd.conf automatically. For DSO support, specify the parameter --enable-shared=all when installing the server to install all modules, or --enable-shared=max to install the maximum number of the main extensions. If you need to enable or disable a particular module, use the parameter --disable(enable)-module=module_name.

Let us return to the configuration file and carry out the preliminary configuration of the server. In particular, for programs written in PHP4 to work, the following lines must be added to httpd.conf:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Edit the DirectoryIndex line to let the server know that files such as index.php are to be treated as default files:

DirectoryIndex index.html index.php

The Xitami web server

A worthy choice

Another popular scalable web server is Xitami (http://www.xitami.com). Unlike Apache, it serves all connections (except CGI) in a single process, which reduces the amount of memory required and the load on the processor. Xitami supports the FTP, CGI/1.1 and SSI protocols, user-defined MIME types, on-the-fly server configuration and much more. The server is effectively ready for work immediately after installation.

For convenient administration, the apachectl utility is installed together with Apache. It takes the following parameters:

► apachectl start | stop | restart: start, stop and restart the server;

► apachectl configtest: check the configuration file for errors;

► apachectl startssl: start Apache with SSL (provided that Apache was built with OpenSSL support).

Several more useful utilities are supplied with Apache: httpd -l shows the list of loaded modules, and http_load is a server performance test. An example of using the latter command is given below:

http_load -rate 10 -seconds 300 urls

The rate value can vary from 1 to 10. In our example the test is run with the maximum possible number of requests. The test lasts 300 seconds (which is quite sufficient). The urls file contains the server's address for the HTTP and HTTPS protocols.

Further configuration of the server is covered quite well in printed and electronic sources. We will only note that the Apache configuration file is supplied with numerous comments, so setting up a server that serves a simple web page will not be difficult.

FTP

Built-in tools

The standard FTP server included in the FreeBSD base distribution is ftpd.

Since this service is installed together with the system, we skip the installation procedure. To start the server automatically, it is enough to uncomment the line in the file /etc/inetd.conf:

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

The server can also be started from the command line in standalone mode. For that, the ftpd line in inetd.conf must be commented out. So, start the server:

# /usr/libexec/ftpd -D
(the D parameter tells the server that it is being started in daemon mode)

Next, check the server's status:

# netstat -na | grep LISTEN
mydomain.ru 21 LISTEN
(the result of the command)

The server is running and ready for work. By default the files are located in the directory /var/ftp/pub. For those who wish to configure the service in more detail, a reminder: all the configuration files are located in the directory /etc/default/ftpd/.

The professional's choice

Despite the presence of a built-in tool in the OS, the Proftpd program is practically the only real choice for an FTP server on the FreeBSD platform. Its reliability and performance are shown by the very fact that it is used on sourceforge.net, which hosts an enormous number of open-source projects. This server differs from others in its greater security (including in comparison with the built-in default ftpd, which is poorly suited to building a powerful FTP server), as well as in more flexible configuration, respectable stability, cross-platform support and support for a large number of extensions, for example for working with MySQL.

As with any other service or program, it is best to install it from ports. This is done as follows:

# cd /usr/ports/ftp/proftpd/
# make all install
# make clean

If there is no connection to the global network, Proftpd can be installed from packages. You can also build the required modules right away by adding the option:

# make -with-modules=${MODULES}

This FTP server can be started either from /etc/inetd.conf or by means of a special script. In the case of the /etc/inetd.conf file, do the following:

ftp stream tcp nowait root /usr/local/libexec/proftpd proftpd
# ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
# ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l


This way the daemon will be started as soon as the system boots.

As for the second option, with a script: there is an example file, /usr/local/etc/rc.d/proftpd.sh.sample, which must be renamed to proftpd.sh and given execute permission with chmod 755 proftpd.sh.

The vsftpd FTP server

Small but powerful

A very good FTP server called vsftpd (http://vsftpd.beasts.org) deserves a separate mention. It is distributed under the GPL license and, accordingly, exists for all Unix-like operating systems as well as Linux. Besides the standard functions, it has extensive modern capabilities that by no means all comparable servers can boast. Here are some of them:

► support for virtual users and IP configurations;

► IPv6 support;

► encryption by means of SSL;

► fine-grained tuning and configuration of bandwidth, prohibitions and permissions tied to a particular IP, and so on.

Today an enormous number of resources on the Internet run on this server, including very powerful and well-known ones. If reliability, security and fine-grained configurability matter to you, vsftpd will be a good choice.

In line with the goals

Now it is time to configure the FTP server for our specific needs. To do this, create the proftpd configuration file (if for some reason this was not done earlier) and then edit it in a text editor as follows:

# cp /usr/local/etc/proftpd.conf.default /usr/local/etc/proftpd.conf
# vi /usr/local/etc/proftpd.conf

So, let us go through the various options and capabilities of Proftpd, and how to configure them, in order:

# Server name
ServerName "Corporate FTP Server"
# How the daemon is started (we consider the case of using inetd)
ServerType inetd
DefaultServer on
ServerIdent off

If the server is on a local network, it is often necessary to give the root user the ability to connect over FTP for administration purposes.

RootLogin on
# Next comes the standard FTP port
Port 21
# Mask restricting the creation of directories and files
Umask 022
# User and group under which the daemon runs
User admin
Group nogroup


We introduce the necessary limits and the corresponding warnings:

MaxClients 50 "Лимит количества соединений с сервером достигнут"
MaxClientsPerHost 5 "%m клиента уже подключены с вашего хоста, больше не разрешено"
MaxLoginAttempts 10 "Слишком много попыток войти"

Limiting traffic will also be very useful. In this example we limit the bandwidth in both directions to 256 Kbit/s for all users:

TransferRate RETR,STOR,APPE 256

All kinds of messages can be displayed on login to the FTP server. Here is a small example:

DisplayConnect /etc/ftp_connect.msg
DisplayLogin /etc/ftp_login.msg
AccessDenyMsg "Доступ к серверу в данный момент невозможен"
AccessGrantMsg "Теперь вы можете скачивать/закачивать файлы"
DisplayGoAway "В доступе отказано"

You can also specify the IP addresses from which login is allowed or forbidden:

#UseHostsAllowFile /etc/proftpd.allow
#UseHostsDenyFile /etc/proftpd.deny

Various time limits on a number of operations are set by adding the following lines (the time here is given in seconds):

TimeoutIdle 60
TimeoutLogin 60
TimeoutNoTransfer 360
TimeoutStalled 720

Users with different privileges can be given access to particular folders. For example, for root:

DefaultRoot / wheel

By default the server does not allow an anonymous user to connect. To lift this restriction, add the following line:

DefaultRoot path_to_the_folder users

A user's "home" directory is set with the following simple line:

DefaultRoot user_directory user

Nor should one forget such an important matter as keeping the necessary log files. To begin with, though, we create the required files and directories with the following commands:

# touch /var/log/proftpd-error.log
# touch /var/log/proftpd-tranfer.log
# mkdir /var/run/proftpd/ && touch /var/run/proftpd/proftpd.scoreboard

Now let us return to the configuration file and add the following lines to it:

SyslogLevel notice
UseReverseDNS off
TransferLog /var/log/proftpd-tranfer.log
SystemLog /var/log/proftpd-error.log

Let us look at a task that comes up often: giving anonymous users access to the FTP server. To solve it, add the following section to the configuration file:

<Anonymous /path_to_the_directory_for_anonymous_users>
User anonftp
Group nogroup
UserAlias anonymous anonftp
MaxClients 50 "Лимит в %m пользователей достигнут, попробуйте зайти позже"
DisplayFirstChdir .message
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
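A review aid for the proftpd.conf assembled above, as an added example (it is not part of the article or of ProFTPD). It parses the nested section syntax and reports three things taken from this configuration: RootLogin on, a DefaultRoot of /, and an <Anonymous> section without a <Limit WRITE> that contains DenyAll. The sample is constructed, /var/ftp stands in for the article's path placeholder, and the function names are assumptions.

```python
import shlex

# Constructed sample built from the directives shown in the article.
SAMPLE_CONF = """\
ServerName "Corporate FTP Server"
ServerType inetd
RootLogin on
Umask 022
User admin
Group nogroup
DefaultRoot / wheel
<Anonymous /var/ftp>
User anonftp
Group nogroup
UserAlias anonymous anonftp
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
"""


def parse(text):
    """Parse directives and <Section> ... </Section> blocks into a tree."""
    root = {"name": "server", "args": [], "block": True, "children": []}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("<") and not line.endswith(">"):
            raise ValueError(f"line {lineno}: malformed section tag")
        if line.startswith("</"):
            name = line[2:-1].strip().lower()
            if len(stack) == 1 or stack[-1]["name"].lower() != name:
                raise ValueError(f"line {lineno}: unexpected {line}")
            stack.pop()
            continue
        is_block = line.startswith("<")
        words = shlex.split(line[1:-1] if is_block else line)
        if not words:
            raise ValueError(f"line {lineno}: empty section tag")
        node = {"name": words[0], "args": words[1:],
                "block": is_block, "children": []}
        stack[-1]["children"].append(node)
        if is_block:
            stack.append(node)
    if len(stack) > 1:
        raise ValueError(f"section <{stack[-1]['name']}> is never closed")
    return root


def children(node, name, block=False):
    """Direct children of node with the given name (case-insensitive)."""
    return [c for c in node["children"]
            if c["block"] == block and c["name"].lower() == name.lower()]


def denies_write(section):
    """True if the section has a <Limit ... WRITE ...> containing DenyAll."""
    for limit in children(section, "Limit", block=True):
        covers_write = "WRITE" in (a.upper() for a in limit["args"])
        if covers_write and children(limit, "DenyAll"):
            return True
    return False


def audit(tree):
    """Return findings for the settings discussed in the article."""
    findings = []
    for d in children(tree, "RootLogin"):
        if [a.lower() for a in d["args"][:1]] == ["on"]:
            findings.append("RootLogin on: root can log in over FTP")
    for d in children(tree, "DefaultRoot"):
        if d["args"][:1] == ["/"]:
            who = " ".join(d["args"][1:]) or "all users"
            findings.append(f"DefaultRoot / ({who}): sessions are not "
                            "confined to a subdirectory")
    for anon in children(tree, "Anonymous", block=True):
        path = anon["args"][0] if anon["args"] else "?"
        if not denies_write(anon):
            findings.append(f"<Anonymous {path}>: no <Limit WRITE> with DenyAll")
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE_CONF)):
        print(finding)
```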

Watch for errors

You can go on configuring your server for the specific tasks assigned to it. We have given only the most basic information and settings, which will come in useful in any case. After putting the server into operation, do not forget to check the state of your FTP server periodically by analysing the log files:

# tail -f /var/log/proftpd-error.log

The honest postman

There are a great many mail servers for FreeBSD, but we begin with Sendmail, which is built into the OS. For most typical configurations the capabilities of this server will be quite sufficient.

For the whole domain

You can send mail to any external recipient if you run your own DNS server or if the file /etc/resolv.conf is set up correctly. Now Sendmail has to be configured so that the users of your host receive their mail. Obviously, for this your server must have a static IP address, and the installed firewall must let SMTP packets through. It is also worth checking with the DNS service: the MX record must correspond to the IP address of your host. Suppose the mail server will be permanently connected to the Internet. Then its MX record may look like this:

myhost.ru IN MX 10 mail.myhost.ru

Now it is time to install Sendmail. The latest version can be downloaded from ftp://ftp.sendmail.org/pub/sendmail/. Installing Sendmail is no different from installing other programs, so we will not dwell on it. Let us move on to configuring the mail server. Below is information about Sendmail's main configuration files:

► /etc/mail/access: a file that determines which hosts have access to the local mail server and the type of access granted.

213.33 RELAY

With such an entry, for example, relaying of mail from the corresponding range of hosts will be allowed.

► /etc/mail/aliases: a database of mailbox aliases. In the example below, mail to the address general is distributed to three local mailboxes.

general: ivan, petr, masha

► /etc/mail/local-host-names: the list of local domains and hosts for which Sendmail accepts mail.

► /etc/mail/mailer.conf: the list of auxiliary mail programs that invoke Sendmail through the mailwrapper wrapper.

► /etc/mail/mailertable: a table of mail domains to which correspondence is to be forwarded. It is useful, for example, when a company has several branches, each with its own mail domain.

► /etc/mail/sendmail.cf: the main configuration file of the mail server, which controls the overall behaviour of Sendmail. After changes are made to this file, the mail server must be restarted.

► /etc/mail/virtusertable: tables mapping virtual users and domains to real mailboxes.

Configuring virtual hosting

An alias for everyone

Often one server serves several sites. In that case several network addresses are assigned to one physical interface. These network addresses are given aliases (Alias). The most convenient place to add the alias definitions is the file /etc/rc.conf. In the general case an alias looks like this:

ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"

Any number of aliases can be created, but the first of them must be specified as alias0, and the subsequent definitions must follow in order.

SendmaiL — oneHb rnbKa^i e KOHCpMrypMpo- 
BaHMM nporpaMMa, coAep>KaiAa5i 6ecHMc;ieHHoe 
KO/iMHecTBO onuMM. rioApobHoe onMcaHMe Bcex 
cpaMnoB M npMMepbi mx coAep>KMMoro mo>kho 
H aMTM B obteMHOM cnpaBKe /usr/src/contrib/ 
sendmaiL/cf/README (npMeeciM mx aAecb He 
no3Bo;i5ieT obteM AannoM CTaibM). 

More post offices

Sometimes several virtual mail servers have to be supported: for example, if you have several domains but the mail must arrive at only one host. Suppose you have the domain office1.ru and your host is called mail.myhost.ru. In this case DNS must be configured as follows:

office1.ru MX 10 mail.myhost.ru

Note that if you ever need to reach the host office1.ru in some way, you are unlikely to succeed without an A record for it.

Now all that remains is to tell Sendmail for which domains or hosts it must accept mail. There are several ways to do this:

► Add the names of these hosts to the file /etc/sendmail.cw, if you use FEATURE(use_cw_file). With Sendmail version 8.10 or higher it is more convenient to edit the file /etc/mail/local-host-names.

► Add the line Cwyour.host.com to the file /etc/sendmail.cf or /etc/mail/sendmail.cf (if the version is higher than 8.10).

However, far from all system administrators like to use Sendmail, because it is considered quite vulnerable to remote attacks. Disabling Sendmail is very easy: it is enough to make the following change in the file /etc/rc.conf:

sendmail_enable="NONE"

Let us now get acquainted with the popular alternative mail servers.

Modular Qmail

Qmail is an alternative to the popular Sendmail. It is somewhat simpler to configure, more secure, and also performs quite well. On a computer with a Pentium-class processor, Qmail easily handles more than 200 thousand individual mail messages a day. You can download the server and install it yourself from source code, for example from the site http://cr.yp.to/software. The file of the latest version of the program is qmail-1.03.tar.gz. But the simplest way to install Qmail is from the ports collection.

# cd /usr/ports/mail/qmail-tls
# make all install -DWITH_BIG_TODO_PATCH

This downloads and compiles a version of the Qmail mail server with support for SSL or TLS encryption.

If you later intend to protect the mail system from viruses and spam with the GPL programs Clam Antivirus and SpamAssassin, Qmail must be compiled with the option with_qmailqueue_patch.

# make certificate
# cp work/servercert.pem /var/qmail/control/servercert.pem
# chmod 640 /var/qmail/control/servercert.pem
# chown qmaild:qmail /var/qmail/control/servercert.pem
# make clean
# cp /etc/rc.conf /etc/rc.conf.bak
# grep -v sendmail_enable /etc/rc.conf > /etc/rc.conf2
# echo 'sendmail_enable="NONE"' >> /etc/rc.conf2
# mv /etc/rc.conf2 /etc/rc.conf
# rm /usr/sbin/sendmail
# cp /var/qmail/bin/sendmail /usr/sbin/sendmail

In the sequence of commands above we obtained a certificate for Qmail and made some adjustments to the system environment to remove Sendmail. Now let us install the ucspi-tcp package, which allows Qmail to be used without the inetd super-server.

# cd /usr/ports/sysutils/ucspi-tcp
# make extract
# cd work/
# fetch http://www.qmail.org/ucspi-rss.diff
# patch < ucspi-rss.diff
# rm ucspi-rss.diff
# cd ../
# make install clean

A good decision is to install vpopmail, a tool for administering Qmail virtual domains and accounts, and also ezmlm-idx, a mailing list manager.

# cd /usr/ports/mail/vpopmail
# make all install clean
# cd /usr/ports/mail/ezmlm-idx
# make all install clean
# cp /usr/local/etc/ezmlm/ezmlmrc.sample /usr/local/etc/ezmlm/ezmlmrc

To administer the mail server accounts we install Qmailadmin. With it you can create mailboxes and mailing lists and carry out many other operations through a web interface.

# cd /usr/ports/mail/qmailadmin
# make extract
# cd work/qmailadmin-1.2.0
# ./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory --enable-autoresponder-path=/usr/local/bin/qmail-autoresponder
# make && make install-strip

Naturally, the values of the options that point to the cgi-bin and html directories must correspond to the settings of your web server. Qmailadmin is installed. Now, to reach the administrator interface, it is enough to type http://www.yourhost.com/cgi-bin/qmailadmin in the browser.

Besides the programs mentioned above, it is also useful to install daemontools (http://cr.yp.to/daemontools.html), an excellent package of utilities for managing services.


Security

Mail without spam and viruses

Kaspersky Lab, the best-known Russian maker of antivirus programs for workstations, also pays attention to the information security of server systems. Kaspersky Anti-Virus for FreeBSD/OpenBSD Mail Servers can be integrated into the Sendmail, Qmail, Postfix and Exim mail systems. In real time the program checks not only the files attached to messages but also the message body and the OLE objects embedded in it. All suspicious or infected correspondence that is detected can be sent to "quarantine". The administrator is then sent a message with a description of the malicious code, the addresses of the sender and the recipient, and the name of the virus. The antivirus can be integrated with the Webmin remote administration system.

Besides viruses, unwanted correspondence of an advertising nature, spam, is also a constant nuisance. To fight it, Kaspersky Lab has developed the Kaspersky Anti-Spam system. It works as a separate filtering server or together with the Sendmail, Qmail, Communigate Pro, Postfix and Exim mail servers. Reliable message filtering is ensured by updates released every two hours. The Linux and FreeBSD 4.X operating systems are supported. Kaspersky Lab products are simple to install and configure and have good technical support, but they are not cheap. As an alternative, the free Clam AntiVirus (http://www.clamav.net) and SpamAssassin (http://spamassassin.apache.org), distributed under the GPL license, can be recommended.
An insurmountable barrier

Configuring server security

The modern Internet can be likened to a big metropolis, so wide are its possibilities and so varied the information presented in it. But if you have seriously decided to take up residence in this "city", you need to organize protection properly, which will help you avoid not only hacker attacks but also accidental mistakes.


What is a firewall?


The English term firewall (literally a "wall of fire": a fire wall, a fireproof partition that separates adjacent buildings or parts of one structure for fire-protection purposes) today means a system or group of systems, hardware or software, that implement rules for controlling access between networks. As a rule, one part of these systems works to block information and the other to let it through.

The most important thing in choosing a firewall and using it is to know and understand exactly what you want to block or let through, and how. If you use your BSD system as a home workstation, this is fairly simple. It is much harder to implement a corporate security policy in practice: among other things, it must also include a long list of measures outside the network, without which real information protection cannot be built. In addition, when building a firewall you must remember that your firewall is your "face" on the network, able to create a reputation or undermine it, and consequently to raise or lower your possible income.

Most system administrators will not miss a chance to jokingly reproach a colleague for excessive suspiciousness and "system paranoia". But seriously speaking, everyone who builds a security system must remember: only a computer that is not running at the moment can be called ideally protected. All the services that you are going to make available to yourself or to your users may turn out to be a "loophole" for an intruder who is trying to break into your system.

This approach is reflected in the security policy "deny everything, allow only what is needed". But it is not the only correct one. As practice shows, it is sometimes much more convenient to use the principle "allow everything, deny only what is not needed". Applying the "denying" policy means a higher cost of initial configuration, while applying the "permitting" one entails the costs of periodic maintenance.

There is one more important aspect of security to keep in mind. A firewall cannot protect your network from attacks that go around it. Many company managers, when connecting to the global network, fear most of all a potential leak of confidential information. But, most unfortunately, "carrying off" information on an ordinary floppy disk is no harder than doing so by breaking into a protected corporate network. Besides, the larger the company, the higher the probability that there is someone in it who can erase or corrupt the most important data by mistake. Unfortunately, the firewall will not protect you from the dangers located "on this side" of it either.

To configure a firewall correctly, you need to understand the principles on which it works. Every packet that enters the firewall is checked for a match between the information it carries and the specified rules. As a rule, the following parameters are checked:

► the packet type (TCP, UDP, ICMP);

► the address the packet came from (the source);

► the source port;

► the address the packet is sent to (the actual recipient);

► the destination port;

► the physical interface the packet travels through.

The contents of the packet do not matter at all in this case. This approach has its drawbacks (for example, there is no way to analyze traffic carried by application-layer protocols). However, such a processing procedure can be built directly into the kernel of the operating system.


IPFW configuration

Listing 1. The rc.firewall file

# ipfw is installed in /sbin on FreeBSD.
fwcmd="/sbin/ipfw -q"

# Describe the network and the interfaces.
# External interface.
oint="vx0"
# External IP address.
oip="200.200.200.1"
# Internal interface.
iint="vx1"
# Internal IP address.
iip="192.168.1.1"
mask="255.255.255.240"

# Deny fragmented packets.
${fwcmd} add deny icmp from any to any frag

# Deny NetBios traffic outside the local network.
${fwcmd} add deny udp from any 137-139 to any via ${oint}
${fwcmd} add deny udp from any to any 137-139 via ${oint}

# Allow traffic on the loopback interface.
${fwcmd} add pass all from any to any via lo0

# Allow traffic only within the local network.
${fwcmd} add pass all from any to any via ${iint}

# Allow ICMP packets.
${fwcmd} add pass ICMP from any to any

# Allow the SMTP protocol.
${fwcmd} add pass tcp from any to any 25 out
${fwcmd} add pass tcp from any 25 to any out

# Allow the HTTPS protocol.
${fwcmd} add pass tcp from any to any 443 out
${fwcmd} add pass tcp from any 443 to any out

# Allow the HTTP protocol.
${fwcmd} add pass tcp from any to any 80
${fwcmd} add pass tcp from any 80 to any

# Allow access to DNS servers.
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any

# Allow access to NEWS servers (NNTP runs over TCP).
${fwcmd} add pass tcp from any to any 119 out via vx1
${fwcmd} add pass tcp from any 119 to any out via vx1

# Allow mail retrieval over the POP3 protocol (POP3 runs over TCP).
${fwcmd} add pass tcp from any to any 110
${fwcmd} add pass tcp from any 110 to any

# Allow access to FTP servers.
${fwcmd} add pass tcp from any 21 to any
${fwcmd} add pass tcp from any to any 21
${fwcmd} add pass tcp from any 20 to any
${fwcmd} add pass tcp from any to any 20

# Allow access from the administrator's home machine,
# which has the IP 200.200.200.15.
${fwcmd} add pass tcp from 200.200.200.15 to any
${fwcmd} add pass tcp from any to 200.200.200.15
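A review aid for rule sets written in the style of Listing 1, added here and not part of the original article: it flags stateless pass rules that match on the source port alone, since such a rule accepts any packet arriving from that port regardless of its destination port. The sample lines are a constructed subset of Listing 1; `keep-state` and `check-state` are ipfw's stateful keywords, shown as the tighter form.

```python
import re

# Covers the rule shape used in Listing 1:
#   add <action> <proto> from <src> [ports] to <dst> [ports] [options]
RULE_RE = re.compile(
    r"add\s+(?:\d+\s+)?(?P<action>pass|allow|permit|accept|deny|reject)\s+"
    r"(?P<proto>\S+)\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>\d[\d,-]*))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d[\d,-]*))?(?P<opts>.*)$"
)
PASS_ACTIONS = {"pass", "allow", "permit", "accept"}
STATE_KEYWORDS = {"keep-state", "established"}


def audit(ruleset_text):
    """Return (line_no, proto, source_ports) for every pass rule that
    matches any source host by source port only and keeps no state."""
    findings = []
    for line_no, line in enumerate(ruleset_text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()      # drop shell comments
        m = RULE_RE.search(rule)
        if not m or m["action"] not in PASS_ACTIONS:
            continue
        options = set(m["opts"].split())
        if (m["src"] == "any" and m["sport"] and not m["dport"]
                and not options & STATE_KEYWORDS):
            findings.append((line_no, m["proto"].lower(), m["sport"]))
    return findings


# Constructed sample: a subset of the rules from Listing 1.
LISTING_1_SUBSET = """\
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
${fwcmd} add pass tcp from any to any 25 out
${fwcmd} add pass tcp from any 25 to any out
${fwcmd} add deny udp from any 137-139 to any via ${oint}
${fwcmd} add pass tcp from any 80 to any
${fwcmd} add pass tcp from 200.200.200.15 to any
"""

# Constructed sample: the same DNS permission written statefully, so
# replies are matched against the state created by the outgoing query.
STATEFUL_DNS = """\
${fwcmd} add check-state
${fwcmd} add pass udp from any to any 53 out keep-state
"""

if __name__ == "__main__":
    for line_no, proto, ports in audit(LISTING_1_SUBSET):
        print(f"line {line_no}: {proto} source port {ports} is passed "
              f"to any destination port")
```
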
IPFW configuration

Listing 2. The firewall.sh file

#!/bin/sh
# Start natd with the appropriate parameters.
natd -use_sockets -same_ports -unregistered_only -dynamic -interface rl0
# Load the firewall rules from a separate file.
/etc/firewall/rules.sh


Starting up and lighting the fire


Unlike in Windows, in the FreeBSD operating system the firewall (IPFW) is built in. True, the developers decided at one time that such a "wall" should not be erected on every BSD computer. Therefore, to equip your BSD machine with a full-fledged firewall, you need to take some steps that seem complicated at first glance.

The firewall built into FreeBSD not only blocks unwanted traffic but, with the appropriate configuration, becomes a powerful network management tool. If you do not want to change the kernel of your system, you will have to limit yourself to the simplest firewall functions of the "deny-allow" type. In the simplest case you only need to start it in the file /etc/rc.conf with the command firewall_enable="yes". It is then, of course, highly desirable to adjust the file with the firewall rules (by default /etc/rc.firewall) to the needs of the particular user.

Those who have decided to use the "full set" of IPFW services will have to build a new kernel. The following options must be included in it:

► IPFIREWALL — this is the directive that "switches on" all the capabilities of IPFW.

► IPFIREWALL_VERBOSE — enabling it lets the firewall keep a log file that stores records of all events. This option is useful for analyzing the operation of the system and for watching for break-in attempts, but together with it it is advisable to limit the number of messages that go into the log file.

► IPFIREWALL_VERBOSE_LIMIT — without a limit, an intruder or simply a faulty computer on the network can generate a huge number of packets almost instantly. This can lead to the firewall log file taking up all the available disk space.

► IPFIREWALL_FORWARD and IPDIVERT let the user employ the two most powerful tools of IPFW: redirection to another recipient and handing a packet over to an external program for processing. The FORWARD (fwd) method makes it possible to redirect packets to another recipient. Using it you can create, for example, an HTTP proxy server that works for all clients in forced mode (transparent proxy), or move some services (WWW, Mail) inside a closed network so that they nevertheless remain reachable from the outside world. The DIVERT method hands the packet over to an external program for processing, which makes it possible to give clients located behind the firewall access to the "big" network. In addition, packets can be "diverted" into a special traffic accounting program.

► IPFIREWALL_DEFAULT_TO_ACCEPT — by default IPFW starts in "deny everything" mode. This option makes the firewall start initially in "everything is allowed" mode. If you are not quite sure that you need this, it is best to leave the "paranoid" default mode. But if you use FreeBSD on a diskless workstation, the absence of this option in the kernel will not let the operating system use network disks and load the required working rule set from them.

► DUMMYNET — one of the most useful capabilities for an administrator. It builds into the kernel a system for limiting the bandwidth of channels, based on delaying the passage of packets through the router. For many system administrators this capability was the deciding factor in choosing an operating system: packet forwarding and NAT can be set up on practically any network OS, but few will cope with bandwidth limiting as well as FreeBSD.


From the history of the subject


The rise of "walls of fire"

The first generation of firewalls consisted of nothing more than routers with packet filtering. They first appeared in about 1985 and to this day remain the most popular type of firewall.

The second generation of "walls of fire", circuit-level firewalls, used a mechanism of circuit transfer of information from the source to the recipient. The firewall checked both the integrity of the whole chain of packets and the conformity of the source, the recipient and some other parameters to the specified rules. The whole packet was assembled on the firewall and only after that passed on to the recipient.

The third generation, application-level firewalls (Application Layer firewall), can also check the data carried in the packets. This makes it possible to track the transmission of passwords. Together with them a proxy service is used, which caches information to speed up its processing.

The fourth generation of firewalls adds to the functions of its predecessors the useful ability to change the filtering rules dynamically (Dynamic Packet Filter firewall).

The fifth generation of firewalls, which appeared in 1996, is based on the Kernel Proxy architecture. Its idea is to build the application-level mechanism directly into the kernel of the operating system, which considerably speeds up processing.
► HZ, TCP_DROP_SYNFIN, ICMP_BANDLIM — these options are used to increase the performance of the firewall. HZ defines how often the DUMMYNET system looks through the queue of packets waiting to be sent. ICMP_BANDLIM and TCP_DROP_SYNFIN increase the protection of the system against hacker attacks by making it possible to limit the number of ICMP error messages generated by the system and to drop TCP packets in which the flags for opening and closing a connection are set at the same time.

► BRIDGE — this option turns the computer into a special type of network connection, a bridge. In some cases, especially in combination with the DUMMYNET option, this helps to create a simple but well-managed system.

You cannot do without an ear for music

Once the new kernel has been built and compiled successfully, the firewall starts automatically after the system is rebooted. With the dmesg command you can see the messages about its successful start:

BRIDGE 020214 loaded
DUMMYNET initialized (011031)
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default

However, without the appropriate configuration your firewall will not work the way you want it to. Moreover, if exactly the messages given above are shown at system start, the firewall will most likely not work at all. The point is that a rule numbered 65535 is added to the firewall settings automatically. It can be neither deleted nor changed. If the kernel has the IPFIREWALL_DEFAULT_TO_ACCEPT option, it allows all traffic (65535 allow all from any to any); without that option it denies all traffic (65535 deny all from any to any).

The art of writing IPFW rules consists in distributing the blocking and passing rules properly. The detailed procedure for adding rules can, as usual, be found with the command man ipfw. The process of building the "protective wall" is in itself fairly trivial. A detailed example of a typical firewall for an ordinary router can be seen in Listing 1.

Going out locally into the global network

It is much more interesting to use the IPFW mechanisms to implement some service capabilities along with the protective functions. The most typical task for a small office network is providing access to the network from the local network through a single external IP address. With IPFW this task is solved as follows.

First of all, the natd daemon must be allowed to start at boot. This can be done either with an additional script or with commands in the file /etc/rc.conf:

gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"

The value of the last command must be the name of the external interface, that is, your provider must be located on exactly this "side of the network". After that all incoming packets must be "turned" to the port of the natd daemon. This is done with the divert command:

ipfw add divert natd all from any to any via rl0

For convenience the whole procedure can be started automatically. For example, you can create a special directory firewall in /etc/ for this and then create a pair of files in it (see Listings 2 and 3). All that remains is to add a couple of lines to /etc/rc.conf:

firewall_enable="YES"

(you should already have this line) and

firewall_script="/etc/firewall/firewall.sh"

A popular way of solving this task is to set up "transparent" proxying. Its idea is that user requests are forcibly directed to a proxy server (most often squid). This achieves some saving in traffic consumption. By some estimates, with correct configuration it can amount to as much as 30%.

Setting up such a scheme is fairly simple: it is enough to redirect the requests coming from the user to the port of the proxy server. This is done with a single command:

ipfw add fwd 127.0.0.1,3128 tcp from <internal network address> to any 80

Remember that port 3128 in the previous command must be exactly the port on which the proxy server runs. In addition, several lines must be added to the squid configuration file:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
SECURITY / firewalls


A complex local case

One more application of the built-in FreeBSD firewall must be mentioned, one that illustrates its "extended" capabilities best of all. It is the so-called Policy-Based Routing (PBR). In the simplest case this term means a way of redirecting traffic according to conditions specified in advance (for example, the source address). Put simply, when there are several connections to the network, the work of your clients can be organized in an optimal way. Suppose we have two "external" network interfaces: fxp0, 1.1.1.1/24 (gateway 1.1.1.111, ISP1), and fxp1, 2.2.2.2/24 (gateway 2.2.2.222, ISP2), and two "internal" ones: rl0, 3.3.3.3/24 (network NET1), and rl1, 4.4.4.4/24 (network NET2). The task is to send the traffic of network NET1 through provider ISP1 and the traffic of network NET2 through provider ISP2. Obviously, a separate natd daemon must be brought up for each "internal" segment. Remember that the start-up parameters of natd can in principle be the same, but the ports on which these daemons "listen" must be different (natd -a 1.1.1.1 -p 8668 and natd -a 2.2.2.2 -p 8778).

After that you need to create a set of ipfw rules that actually carry out the task (see Listing 4).

Despite its apparent complexity, this task is solved fairly simply, but only in this particular case. PBR is quite often applied incorrectly. As a rule, this happens when the firewall, which also acts as a router, runs services (for example, WWW) bound to a specific address of a specific interface. In this case additional configuration is necessary.

Speed control

The second most important task that system administrators usually solve is dividing the bandwidth among users. In any case it is useful to know how to adjust the "tap" through which traffic flows to your clients. In the simplest case, when you just need to limit the channel width for one of them, a construction of the following kind can be used (see Listing 5).

Let's configure correctly

As soon as you take up configuring your firewall in earnest, the question of the correct order in which to write its rules will inevitably arise. Remember that all IPFW rules are processed sequentially, and as soon as one of them is applied to a given packet, no further analysis is carried out. Therefore the order of the rules is extremely important. There is a scheme for writing firewall rules that has been tested in practice and is the most effective; it should work not only in FreeBSD but in all other systems as well, since its logic is fairly universal.

First of all, harmful traffic must be denied. The deny and reject instructions must come at the very beginning. Next, to collect external statistics, if this is necessary, count instructions must be used on the external interfaces. After that comes the turn of the forward instruction. Once the data have been counted on the external interface, they can be redirected into the local network or to external objects. After this the internal traffic handlers, the divert directives, must be set up. Then, if needed, it is worth counting the traffic on the internal network: count on the internal interface. And only then can the allow command be used to open the internal network and the connections that are permitted directly for the router itself. Finally, logging should be switched on together with a denial of everything else that somehow manages to slip through all the previous rules.

Of course, if you configured your firewall without first reading these recommendations and are quite satisfied with how it works, there is no need to reconfigure anything yet. At least not until you are convinced that everything can be done even better.
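The first-match behavior and the fixed rule 65535 described above can be tried out without touching a live firewall. The following is an added example, not code from the article or from ipfw: a deliberately simplified model (protocol, addresses and destination port only; divert and fwd are not modeled) with constructed rules on documentation addresses, which also reports rules that can never fire because an earlier rule already decides every packet they describe.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DEFAULT_RULE = 65535           # always present, cannot be deleted or changed
TERMINAL = {"allow", "deny"}   # 'count' only bumps a counter, the search goes on


@dataclass
class Rule:
    number: int
    action: str                # "allow", "deny" or "count"
    proto: str = "all"         # "tcp", "udp", "icmp" or "all"
    src: str = "any"           # "any", a host address or a CIDR block
    dst: str = "any"
    dport: Optional[int] = None
    hits: int = 0


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _addr_in(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("all", pkt.proto)
            and _addr_in(rule.src, pkt.src)
            and _addr_in(rule.dst, pkt.dst)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet,
             default_to_accept: bool = False) -> Tuple[str, int]:
    """Walk the rules in numeric order; the first terminal match decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            rule.hits += 1
            if rule.action in TERMINAL:
                return rule.action, rule.number
    # Nothing matched: rule 65535 decides, depending on how the kernel was built.
    return ("allow" if default_to_accept else "deny"), DEFAULT_RULE


def _spec_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner, strict=False).subnet_of(
        ip_network(outer, strict=False))


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (dead_rule, covering_rule) pairs: rules that are never reached."""
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier.action in TERMINAL
                    and earlier.proto in ("all", later.proto)
                    and _spec_covers(earlier.src, later.src)
                    and _spec_covers(earlier.dst, later.dst)
                    and earlier.dport in (None, later.dport)):
                found.append((later.number, earlier.number))
                break
    return found


def permits_first() -> List[Rule]:
    """Constructed rule set: the web permit precedes the deny rules."""
    return [
        Rule(100, "allow", "tcp", dst="192.0.2.10", dport=80),
        Rule(200, "deny", src="198.51.100.0/24"),
        Rule(300, "deny", "tcp", src="198.51.100.7", dst="192.0.2.10", dport=80),
    ]


def denies_first() -> List[Rule]:
    """Constructed rule set in the order the article recommends."""
    return [
        Rule(100, "deny", src="198.51.100.0/24"),
        Rule(200, "count"),
        Rule(300, "allow", "tcp", dst="192.0.2.10", dport=80),
    ]


if __name__ == "__main__":
    blocked_host = Packet("tcp", "198.51.100.7", "192.0.2.10", 80)
    print(evaluate(permits_first(), blocked_host))
    print(evaluate(denies_first(), blocked_host))
    print(shadowed(permits_first()))
```
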

IPFW configuration

Listing 4. policy_base.sh

#!/bin/sh
# Send the outgoing traffic of network NET1 to the first natd daemon (port 8668)
ipfw add 10 divert 8668 ip from 3.3.3.0/24 to any
# Send the outgoing traffic of network NET2 to the second natd daemon (port 8778)
ipfw add 20 divert 8778 ip from 4.4.4.0/24 to any
# Send traffic from the external interface fxp0 to the router of provider ISP1
ipfw add 30 fwd 1.1.1.111 ip from 1.1.1.1 to any
# Send traffic from the external interface fxp1 to the router of provider ISP2
ipfw add 40 fwd 2.2.2.222 ip from 2.2.2.2 to any
# Send the incoming traffic of provider ISP1 to the first natd daemon (port 8668)
ipfw add 50 divert 8668 ip from any to 1.1.1.1
# Send the incoming traffic of provider ISP2 to the second natd daemon (port 8778)
ipfw add 60 divert 8778 ip from any to 2.2.2.2


IPFW configuration

Listing 5. Limiting bandwidth

# Configure "pipe" 1: limit the channel width to 1 Mbit/s
ipfw pipe 1 config bw 1Mbit/s
# Specify that for the client 192.168.0.1 the incoming channel width
# will not exceed 1 Mbit/s
ipfw add pipe 1 ip from any to 192.168.0.1 in
# Configure "pipe" 2: limit the channel width to 128 Kbit/s
ipfw pipe 2 config bw 128Kbit/s
# The same, but for outgoing traffic no more than 128 Kbit/s is allotted
ipfw add pipe 2 ip from 192.168.0.1 to any out


IPFilter: compactness and performance

The IPFilter package, created by an independent team of developers, is currently shipped not only with FreeBSD but also with at least a couple of dozen Unix systems. It has quite a few advantages: first, it is more compact than the built-in IPFW; second, its interface is easier to understand even for an uninitiated user; and third, the techniques and solutions for typical network tasks look simpler in this package than in IPFW.

To include IPFilter in the system, the options IPFILTER and IPFILTER_LOG must be added to the kernel. After that the kernel will, naturally, have to be rebuilt, but after the reboot you get a system ready for further experiments.

The main task of any firewall is blocking and (or) passing data. In IPFilter everything is solved fairly simply: traffic is blocked with the block command and allowed with the pass command. Besides the packet filter itself, IPFilter includes the monitoring utility ipmon, the utility for collecting and displaying statistics ipfstat, several test utilities, and the program ipnat, which is the most popular because it makes it possible to set up access from the local network to the Internet quickly and simply.

To be specific, in the simplest case after installing IPFilter you only need to create the file /etc/ipnat.rules and put this line in it:

map int1 192.168.0.0/24 -> 123.123.123.123/32

Here int1 is the interface with the real IP address (on which the translation will be performed), 123.123.123.123 is the real IP issued by the provider, and 192.168.0.0/24 is the block of addresses of the local network. After that all that remains is to add to /etc/rc.local a line that starts ipnat at system boot:

ipnat -f /etc/ipnat.rules


For unconditional redirection (redirect) of packets arriving from outside (for example, for "transparent" access to WWW/SMTP servers located in the internal network), the rdr command is used:

rdr fxp0 200.200.200.1/32 port 8080 -> 192.168.1.17 port 80 tcp

In this case any packet arriving at port 8080 of the external interface 200.200.200.1 will be redirected to 192.168.1.18 port 80.

Another undeniable convenience of ipnat is that the program can not only translate internal addresses into the external network but also, to a certain extent, analyze the data being transferred. This is best demonstrated with the FTP protocol. The simple commands given above will not be enough for this protocol to work correctly, because this kind of network exchange requires the client to state an IP address that really exists. The problem can be solved by adding the following command:

map fxp0 192.168.1.149/32 -> 200.200.200.1/32 proxy port ftp ftp/tcp

Following this directive, ipnat will substitute the required addresses into the data transferred during the FTP session. Just remember that the proxy rule must always be placed before the other rules (with the exception of redirect).

To be or not to be? That is not the question

Indeed, for anyone who has spent even a couple of weeks on the global network, the question of whether a protective firewall is needed does not arise. What makes its use mandatory is not even the potential danger of the "big and evil" Internet but the convenience of this powerful network tool. In addition, it should be noted that in many cases a correctly configured firewall protects the internal corporate network from some kinds of network viruses that attack computers on ports known in advance. Of course, modified versions of malicious programs that look for a loophole through other ports may appear over time. But even if the relative complexity of configuring a firewall scares you, be sure to find the time and energy to work through it carefully and without haste. Having done it properly once, you will almost certainly be able to forget about any failure in the local network for quite a long time.

■ ■ ■ Sergey Kondrashev


Questions of terminology

Firewall, brandmauer or network screen?

Without correct use of specialized terminology, specialists and users cannot reach a mutual understanding. When applied to network protection tools, all three of these terms are used in our country as synonyms, although this is not entirely correct. The term firewall is better suited to describing a packet-filtering router that works at the network layer of the OSI model. Later, security policy began to be implemented directly in the filters, which led to the creation of the application-level gateway (the "brandmauer"). The term "internetwork screen" was adopted to denote the set of components that sit between the external network and the protected network and form a "barrier".

# SECURITY / file transfer

Parade of intermediaries

Overview of file protocols

The variety of network protocols makes it possible to solve any task related to working together on a network: to provide high security and performance, as well as data exchange between heterogeneous networks.

The methods and requirements of file transfer can differ noticeably depending on the tasks at hand. That is why it is especially important to configure the file server correctly, choosing a data transfer protocol, a network file system, and one of the server implementations. The main file transfer protocols in use, with their advantages and disadvantages, are described below. The final choice, as always, is yours.

Veteran of the Internet

FTP is one of the "oldest" protocols still in use today. However, it has not lost its relevance for use in local networks. This is due both to the regular discovery of new vulnerabilities in the implementation of the SMB protocol in Windows and to the appearance of "lightweight" FTP servers that are simple to configure.

FTP clients and servers exist for all systems, even Palm OS. The protocol provides no encryption of data or passwords, although there is a scheme in which the client and server communicate over an SSL connection. However, this option requires either special clients or the prior manual setup of an SSL tunnel (for example, with the openssl package, which you can read about in another article), so it has not yet become widespread.

An important feature of FTP is that several connections are used simultaneously during a session. Commands from the client to the server are sent over TCP port 21. For data transfer, a new TCP connection is established each time, and it can be initiated by either the server or the client.

In the so-called active mode (Active Mode) the client tells the server the address and port on which it is waiting for data, after which the server establishes a connection to the specified address. Then the data itself is transferred: a list of the files (directories) available on the server, or the file itself. This feature of active mode requires special measures when NAT is used, because in this case the client reports its address from the "internal" network, which the server cannot reach. In FreeBSD, to solve this problem you need to enable the ftp proxy module in /etc/ipnat.rules before the other translation rules:

map fxp0 0/0 -> 0/32 proxy port ftp ftp/tcp

In passive mode (Passive Mode) the server opens a socket on its side, informs the client of this, and waits for a connection to be established before data transfer begins.
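Why active mode breaks behind NAT, and what the ftp proxy rule has to do about it, can be seen in the PORT command itself. The following is an added example, not code from the article or from IPFilter: a simplified model of a NAT FTP helper that rewrites the private address a client announces. The FtpNatProxy class and the starting public port 40000 are assumptions made for illustration; the addresses are the ones used in the article's rules.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : the client tells the server where to connect back.
_PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port(line):
    """Return (address string, TCP port) carried by an FTP PORT command."""
    m = _PORT_RE.match(line)
    if not m:
        raise ValueError("not a well-formed PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    addr = ".".join(str(n) for n in nums[:4])
    return addr, nums[4] * 256 + nums[5]


def format_port(addr, port):
    """Build a PORT command line for the given address and TCP port."""
    fields = addr.split(".") + [str(port >> 8), str(port & 0xFF)]
    return "PORT " + ",".join(fields) + "\r\n"


class FtpNatProxy:
    """Hypothetical, simplified model of a NAT helper for active-mode FTP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port      # assumed allocation scheme
        self.mappings = {}               # public port -> (inside addr, inside port)

    def outbound(self, line):
        """Rewrite a control-channel line travelling from client to server."""
        if not line.upper().startswith("PORT"):
            return line                  # only PORT carries an address
        addr, port = parse_port(line)    # malformed PORT raises ValueError
        if not ipaddress.ip_address(addr).is_private:
            return line                  # already routable, nothing to fix
        public_port = self.next_port
        self.next_port += 1
        # Remember where the server's data connection must be forwarded.
        self.mappings[public_port] = (addr, port)
        return format_port(self.public_ip, public_port)

    def inbound_data_target(self, public_port):
        """Inside (address, port) for a data connection from the server, or None."""
        return self.mappings.get(public_port)


if __name__ == "__main__":
    # Constructed sample: the inside client 192.168.1.149 listens on port 5001.
    sample = "PORT 192,168,1,149,19,137\r\n"
    proxy = FtpNatProxy("200.200.200.1")
    print("client sent:", sample.strip())
    print("server sees:", proxy.outbound(sample).strip())
    print("forward to :", proxy.inbound_data_target(40000))
```

Without the rewrite, the server would try to open the data connection to 192.168.1.149, an address it cannot reach, which is the failure the paragraph above describes.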

The widest range of features and excellent performance are offered by the proftpd package (http://www.proftpd.org). The syntax of its configuration file resembles the one used in Apache, which makes it easier to understand and to configure. It supports various formats (backends) for storing user authorization data: PAM, LDAP, SQL and passwd. pureftpd (http://www.pureftpd.org) offers similar functionality. Fans of minimalism can be recommended vsftpd (http://vsftpd.beasts.org), which was developed on the principle of maximum security.

Versatility at the cost of security

The SMB (Server Message Block) protocol is something more than just a protocol for exchanging files. For example, it allows sharing printers, serial ports and even such abstract resources as named pipes and slots for exchanging messages (mailslots). SMB uses a lower-level protocol, NetBIOS, developed by IBM in 1985, which in turn can run on top of any other third-layer protocol: TCP/IP, SPX/IPX, DECnet, or NetBEUI, which was developed specifically for transporting NetBIOS packets in small networks. NetBIOS/SMB includes not only methods for working with files but also means of discovering ("browsing") SMB servers, which distinguishes this protocol from all the others. Servers announce their presence on the network with broadcast packets and also answer broadcast requests from clients, which lets the clients keep up-to-date lists of their network neighborhood.

SMB uses two security models: share level and user level. In the first case a password is set on the resource (share) as a whole, and after successful authentication the client gets access to all the files inside it. In the second case the user is authenticated when the session is established and is issued a UID, which is then used to determine access rights at the file level.

Operation relies on fixed "well-known" TCP/UDP ports (135, 137-139, 445), which makes it easy to configure a firewall to protect against outside intrusion. This is especially relevant if you recall the vulnerabilities regularly discovered in network services from Microsoft. No protection of the transferred data is provided, except for encryption of the password during authentication.


This protocol is characterized by small delays when working with the file system and, with a properly configured server, a high data transfer rate. A significant advantage is support for different code pages, which lets clients running FreeBSD "understand" Russian file names on a Windows server, and vice versa.

The Samba package includes smbclient, which, besides a command-line user interface similar to FTP, also provides the ability to print on remote printers. The Samba server allows a FreeBSD computer to join an NT domain as a client or as a domain controller (operation without a domain is, of course, also supported), to give Windows and Unix clients access to a local printer, and to maintain the list of servers for its workgroup.

The protocol should not be used when there are noticeable delays in the network (for example, when packets have to pass through several routers). Overall, SMB makes restricting access to files at the resource level somewhat simpler, and the many settings of the Samba server and SWAT (a web interface for configuring it, also part of the Samba package) allow even a novice administrator to tune the server optimally.

A network from the Unix world

In 1985 Sun Microsystems released the first version of the network file system NFS (Network File System). Originally intended for exporting parts of a file system from one server to another, it made active use of RPC for communication between its components, supported shared access to files as well as all of the file attributes used in Unix systems, and was completely transparent to the user. Using the UDP protocol instead of TCP reduced the influence of network delays and the demands placed on the resources of the computers of that time, which were weak by today's standards. In some implementations NFS acquired various useful additions, in particular support for caching the NFS server's files on the client's disk (note that this is not a unique property of AFS!).

Other file systems

Convenient access

The Linux Userland Filesystem project (http://lufs.sourceforge.net) extends the capabilities of FreeBSD by creating a virtual file system that is transparent to user applications.

It consists of a kernel module that talks to specially written daemons, which run as ordinary applications. Implementing them outside the kernel, on the one hand, considerably increases the load on the system but, on the other hand, makes it possible to support protocols of any complexity. This makes it possible to mount FTP, SSH and Gnutella resources into the local file system.

Time went on and requirements grew. The first significant change to the NFS protocol was mainly driven by the need to support files larger than 2 GB. This change included:

► an increase of the maximum data block size for read/write operations to 32 KB (Large block file transfers);

► support for delayed writes (earlier standards required the server to flush the data to disk or to NVRAM before answering the client's write request);

► readdirplus: returning file attributes together with the directory listing in a single operation (in the old versions, obtaining the attributes of all files in a directory with N files would have required N+1 operations);

► support for the TCP protocol, which had a positive effect on the load on routers and firewalls.

All this led to a network file system that became a real champion in the performance of practically any operation inside a local network. The main shortcoming of NFS remained its weak security. The system was originally created for exporting a file system from one Unix host to another inside a corporate network. Users work with it as with a part of the file system, and no client programs, as with FTP, are required, so protection was implemented rather primitively. It works only on the condition that the network, the client and the server are all protected from hacker activity. NFS requests must come from the privileged ports 1-1024, which cannot be used by user applications in Unix. Access rights to a file are determined by the user's UID, which the client passes to the server.

Over time, servers acquired additional capabilities:

► root_squash and all_squash tell the server that operations declared by the client as performed with uid=0 (root_squash) or with any UID at all (all_squash) must be executed with the privileges of the user nobody. This makes it easy to set up anonymous readonly access to non-secret information (for example, video files, music, documentation, distributions, /usr/share and so on);

► uid mapping makes it possible to translate client UIDs into the corresponding UIDs on the server side, which is useful, for example, when users with the same names have different UIDs on the server and on the client;

► insecure mounting and the ability to bind RPC services to specific ports remove the mandatory condition that the client use ports 1-1024. This has spared many administrators who configure firewalls from real nightmares.

Comparative characteristics of the protocols

Linear read speed: FTP: high | SMB: high | NFS: very high

Speed of random access and file system operations: FTP: low | SMB: high | NFS: very high

Can be mounted in Linux: FTP: via LUFS | SMB: yes, smbfs | NFS: yes

Can be mounted in other Unix OSes: FTP: no | SMB: FreeBSD | NFS: all Unix systems

Free clients for Windows: FTP: built into Explorer, FIR FAR | SMB: built into Explorer | NFS: yes, SFU v3.5

Security: FTP: low | SMB: medium; password encryption only | NFS: low

Complexity of client setup in Windows and Linux: FTP: very easy | SMB: Windows: very easy, Linux: easy | NFS: Windows: medium, Linux: easy

Complexity of server setup: FTP: easy | SMB: easy | NFS: medium

Recommended area of application:
FTP: storing data that does not require random access; anonymous file servers with distributions, multimedia content, etc. Applicable in networks of any scale.
SMB: storing any heterogeneous data, except especially secret data. Applicable in local networks and enterprise-scale networks with sufficiently low delays.
NFS: sharing a file system between servers, or setting up a file server with anonymous read-only access. Applicable in local networks.

When write access is opened, applicable only in networks protected from unauthorized access.

To bind the NFS services to specific ports and so make your life easier when configuring the firewall, it is worth looking through the following manual pages: rpc.statd (the "-o" option), rpc.mountd (the "-p" option), rpc.rquotad (the "-p" option), rpc.nfsd (the "-p" option).

There are several NFS server implementations that support traffic encryption. One example is sNFS (http://www.crufty.net/ftp/pub/sjg/help/sNFS.html). In addition, when NFS runs over TCP, its traffic, like that of practically any other network file system, can be redirected into an SSL tunnel set up beforehand between the hosts (created, for example, with openssl, SSH or stunnel (http://www.stunnel.org)). NFSv4 (http://nfsv4.org) supports Kerberos authentication and traffic encryption.

There are several NFS clients for Windows, most of which are commercial (http://hummingbird.com/products/nc/nfs/index.html?cks=y). However, not long ago Microsoft made its Services For Unix v3.5 (http://www.microsoft.com/windows/sfu), which includes both an NFS client and an NFS server, available free of charge.

As of today the area of application of NFS has not changed, and this file system remains the most universal method for sharing parts of a file system between servers that are logically related to each other. It can be used to distribute distributions and updates for servers (using the all_squash parameter in /etc/exports). If an isolated network segment can be created for the servers, a shared /home becomes possible. Diskless workstations can be built as well (http://www.linuxcenter.ru/lib/networking/nfs_root_minihowto.phtml), (http://www.remoteboot.ru/ru/remoteboot/dskless.html).


Of considerable interest is the ability to mount a part of the server's file system, in readonly mode, into the chroot environment of some daemon running on that same server: in the event of a break-in this guarantees the absence of "trojans", for example, in /usr. The "lightness" of NFS in this case keeps the overhead of mounting a remote file system to a minimum.

For the corporate network

The AFS (Andrew File System) file system was developed at the well-known Carnegie Mellon University, after which its further support and development were for a long time carried out on a commercial basis by the Transarc corporation. Although the clients for it were free, the server part had to be purchased. The situation changed when Transarc was acquired by IBM: at the end of 2000 the code of IBM AFS 3.6 was published under a free license as OpenAFS 1.0.

AFS is a distributed file system capable of working efficiently both in local networks and over the Internet. To the user it appears as one large disk, although in reality part of the data may reside on the server closest to the user and another part on a server in another city. To optimize performance, data fetched from the server is cached on the client's disk, after which working with it is no different in speed from working with local files. When changes are made to a file, they are deferred until the file is closed or saved, which considerably reduces the volume of traffic between the server and the client.

Users are authorized through Kerberos, which provides secure authentication. The necessary information is supplied by the user at the start of the session, so the passwords of all users do not have to be stored on the client for automatic mounting, and user data is reliably protected. To support transparent authorization on the client, it is recommended to set up a user login modified to support authentication in AFS (PAM, for example, makes this task considerably easier).



Comparative characteristics of the protocols (continued)

Linear read speed: SFTP/SCP: low | AFS: high | HTTP/WebDAV: high without SSL

Speed of random access and file system operations: SFTP/SCP: low, random access is not supported | AFS: high | HTTP/WebDAV: low

Can be mounted in Linux: SFTP/SCP: via LUFS | AFS: yes, AFS | HTTP/WebDAV: no

Can be mounted in other Unix OSes: SFTP/SCP: no | AFS: all Unix systems | HTTP/WebDAV: no

Free clients for Windows: SFTP/SCP: yes, SSH from www.ssh.com, PuTTY | AFS: yes, OpenAFS | HTTP/WebDAV: built into Explorer

Security: SFTP/SCP: very strong encryption of both traffic and passwords | AFS: strong data encryption, authorization through Kerberos | HTTP/WebDAV: encryption of passwords, or of traffic, or of both

Complexity of client setup in Windows and Linux: SFTP/SCP: Windows: medium, Linux: medium | AFS: Windows: difficult, Linux: medium | HTTP/WebDAV: Windows: very easy, Linux: easy

Complexity of server setup: SFTP/SCP: very easy | AFS: difficult | HTTP/WebDAV: medium, in IBM HTTP Server: easy

Recommended area of application:
SFTP/SCP: periodic access by the server's users to their own data. Shell access to the server is required.
AFS: decentralized storage of user data or any other data in organizations and educational institutions. Applicable in any network, including over the Internet, thanks to an efficient data caching algorithm.
HTTP/WebDAV: working with data over SSL. Distributing files over the Internet.

High security makes it possible to transfer information safely across any network.

AFS provides a flexible system of access control lists (ACLs), which makes it possible to grant groups of users the rights they need to work together. A very useful feature is support for replicating parts of the file system to other AFS servers. This noticeably increases the reliability of data storage, and sometimes the speed of access as well, if a copy of the information the client needs is "closer" than the original. So-called backup volumes are supported, which make it possible to organize the backup and storage of user data on tape in a way that is intuitive for the user. Unlike the classic organization of this process, here the user can restore data from a backup volume on their own, working with it as with an ordinary directory. Clients and servers exist for all major platforms, including Mac OS X.

Among the shortcomings of AFS are the complexity of administration and the heavyweight server part. However, its reliability, security and good scalability make AFS a good choice for use inside a large corporate network or for organizing grid computing. As an alternative to AFS, consider the Intermezzo file system (http://www.inter-mezzo.org), which has similar functionality. The main emphasis in its development is on high availability of the stored data. Support for working in offline mode, when the connection to the server is broken for some reason, is not only useful for grid computing but also very convenient on laptops, because it gives the user transparent synchronization of data with the workstation.

The ubiquitous HTTP

HTTP was born in the early nineties of the last century, commissioned by CERN. Despite its simplicity (implementations of HTTP servers exist in every language, even in Shell and Postscript: http://www.pugo.org), the protocol turned out to be quite flexible, and it can be used to transfer not only hypertext itself but any other information.

The main difference between HTTP and all the protocols described earlier is that it has no notion of a "session" or of a "file system". As a consequence, there is no "current directory", authorization has to be confirmed with every request to the server, and operations such as moving files from directory to directory, renaming and deleting objects, and so on are impossible.

The protocol makes no distinction between files and any other information, including dynamically generated information, so there is no way to find out what is hidden behind a link: a file with a photograph of a beloved grandmother, an HTML document with the latest news, or a directory listing (which, as a rule, is an ordinary HTML document created by the server "on the fly"). Consequently, a client implementation as simple as with FTP becomes impossible. In browsers files have to be downloaded one at a time, and unless the administrator has arranged for the necessary information to be shown, their sizes can only be guessed. Existing clients that support recursive downloading often risk, by following the wrong link, grabbing half of the entire site along with a couple of favorite songs. With uploading things are even worse. In the best case the file can be "attached" to a form, after which a CGI script has to process it and save the received data in the right place on the site. Given that the maximum size of a POST request is usually limited at the server level and does not exceed a couple of megabytes, building a server for working with files turns into considerable labor for administrators and great inconvenience for users. To eliminate these shortcomings, an extension of the HTTP protocol was developed: WebDAV.

Note for programmers

Fast data transfer

The sendfile system call (man 2 sendfile) transfers data at the kernel level between two open file descriptors (including TCP sockets). Because the data does not have to be copied into an intermediate buffer in the program's data segment and back, the load on the processor and memory drops considerably and performance improves. The sendfile call is not part of the POSIX standard but is supported by many operating systems; however, its implementation may differ. This calls for a special approach when writing programs that use this feature.

To be precise, WebDAV is by no means limited to working with files (but that is a topic for a separate article). It uses HTTP as a transport and adds all the methods needed to implement a file system, for example:

► locks (Locking);

► attributes (properties), and not only the standard ones inherent to files: any meta-information can also be added, for example, a list of authors or a set of keywords;

► operations on the namespace, in particular creating, copying or moving objects.

By using WebDAV for access to files, clients get all the advantages of the HTTP protocol over FTP: encryption of access credentials during authentication, encryption of data in transit (by using HTTPS), support for HTTP proxies and caching of documents. In addition, only one TCP connection is used when a group of files is transferred.

For the apache web server (http://httpd.apache.org), WebDAV support is implemented through mod_dav (http://www.webdav.org/mod_dav). The protocol is also included in IBM HTTP-server (http://www.ibm.com/software/webservers/httpservers), which is based on the apache code and, in addition, has a web interface that makes it easy to set any httpd.conf parameter.

■ ■ ■ Konstantin Starodubtsev

Protection against unauthorized access

Information security is a set of measures for protecting data from unauthorized access. The main goal of these measures is to make an attacker's access to the server and its services as difficult as possible, making the cost of such an intrusion higher than the value of the information stored on the server.

Information security implies restricting both physical access to the server itself and access over the Internet and local networks to the services running on the server. Outside access to the server itself is practically impossible, because it is usually located at a considerable distance from the attacker and is guarded. Therefore we will not touch on methods of protection against physical access in this article. Let us look in detail at the other side of information security: access to the services running on the server. The level of security depends on the value of the stored information, so the protection should be chosen on the basis of this criterion. There is no point in providing serious protection on a server that holds a user's home page, but it is completely unforgivable to limit yourself to the simplest measures when protecting a corporate server.

What to choose and how to configure?

First you need to determine what data will be stored on the server and which people will have access to this data. If it is a company web server that many people around the world access, access must be opened to everyone, but only to the ports of that web server. If it is a corporate server holding information vital to the company, it should be installed inside the corporate network or in a demilitarized zone and given restricted access, for example by IP address or with user identification. When installing and configuring programs, keep in mind that every program contains errors; and although the more complex the program, the harder they are to recognize, sooner or later these errors will be discovered. Therefore, when choosing software, try to install the most recent versions, to avoid using a program whose security is in question. Before installation, carefully look through all the possible build options in the Makefile. Some ports print these parameters after the make command; in that case, if necessary, press Ctrl-C and restart the build with the required options. If a port has to be built with specific parameters of the configure command, those parameters must be added to the CONFIGURE_ARGS variable in the port's Makefile. When configuring a service, read the documentation carefully, especially the file that describes the changes made to the program. Also pay attention to how administrator access is configured: for any interface available to the administrator, it is advisable to restrict access by IP address, using the firewall or the service itself. If you want to receive up-to-date information about vulnerabilities discovered in the services installed on the server, subscribe to the relevant mailing lists devoted to information security (for example, BugTraq, freebsd-security, or the Russian-language http://security.nnov.ru). When "holes" are discovered, correct the service configuration or install a more recent version.

The chosen password also affects the security of the connection: if it is too short or easy to guess, it will let an attacker gain access to the resources provided to this account much faster. Passwords of at least eight characters that contain digits, uppercase and lowercase letters are considered sufficiently secure today. Naturally, dates of birth, names and other data that can be obviously linked to you should not be used as a password.

Mail servers

Mail exchange protocols are very vulnerable, because all information, including the user's credentials, is transmitted in the clear and can be intercepted and modified. To prevent interception of passwords and messages, it is enough to encrypt all traffic with SSL. If encryption is impossible for some reason, interception of the password can be prevented by using alternative authorization methods in which it is not the password itself that is transmitted but its hash (a unique identifier that unambiguously identifies the passphrase). Unfortunately, such authorization methods are implemented only in the SMTP and IMAP4 protocols.

The simplest way to encrypt a connection is still the stunnel program (/usr/ports/security/stunnel). It sets up a transparent encrypted tunnel for programs that do not support SSL. The program itself establishes the encrypted connection with the client and passes already decrypted data on to the server. To work, it needs a key, created with the openssl utility or obtained from a certificate authority, and a certificate issued for that key. Data is encrypted on the basis of this key and certificate. Note that the certificate's CN field must match the name of the server you will be connecting to. If the server is called mail.wormhole.ru and the certificate's CN field contains wormhole.ru, the mail client will report a mismatch between the server name and the certificate every time it checks mail. A decrypted key is required; if the key was encrypted with a password, decrypt it with the openssl program (openssl rsa -in encrypted_key -out decrypted_key). For convenience, the resulting key and certificate can be combined into a single file; set the owner of that file to root and its permissions to 440.

No options are needed when compiling the program. After installation, write the path to the key and certificate file you created into the cert parameter in the configuration file /usr/local/etc/stunnel.conf, along with the parameters of the services you need. stunnel.conf already contains definitions for the encrypted versions of the SMTP, POP3 and IMAP4 protocols (they are called ssmtp, pop3s and imaps respectively); you only need to uncomment the corresponding lines. If the server is protected by a firewall, open the corresponding access for the encrypted versions of the protocols (ports 465, 995 and 993). Then start stunnel with /usr/local/etc/rc.d/stunnel.sh start. If stunnel fails to start for some reason, look at the error message in /var/log/messages: it contains the reason the service failed. When configuring the mail client, note that SMTP is already ready to work over SSL and the starttls command must not be issued for it; in addition, some mail clients (for example TheBat or Sylpheed) require the type of SSL connection to be specified explicitly.

This method is very simple to implement but has a serious drawback: all incoming connections in the mail server's logs will appear to come from the address 127.0.0.1, and the real IP address the client came from can be determined only by analysing both log files (the mail server's log and the stunnel log). Implementing SSL encryption in the mail server itself is free of this drawback.

To implement SSL encryption in the sendmail SMTP server, you need to install the cyrus-sasl2 package (/usr/ports/security/cyrus-sasl2) and then either rebuild sendmail from the system sources (if they are installed in /usr/src/) or install sendmail-sasl from the ports (/usr/ports/mail/sendmail-sasl). For the first method, add the following lines to /etc/make.conf:

SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

Then change to the /usr/src/usr.sbin/sendmail directory and run the commands:

make
make install

For the second method, it is enough to change to the port's directory and run make install. After building and installing sendmail, change to the /etc/mail directory, where the server's configuration files are kept, and add the following lines to the file server_name.mc (if there is no such file, run the make command, which will create it from the freebsd.mc prototype):

define(`confSERVER_CERT', `path to the file with the key and certificate')
define(`confSERVER_KEY', `path to the file with the key and certificate')

After adding the lines, run make and test the resulting configuration file for errors with

sendmail -bt -C server_name.cf

If everything was done correctly, there should be no errors. Next run make install and make restart to install the configuration file and make the mail server read it. To check that the setup is correct, connect to the server's port with telnet (telnet 127.0.0.1 25) and issue the command "ehlo test". If the server was built with SASL support and has read the key and certificate, its reply will include STARTTLS; if there is no such line, you will have to study the mail server's log file (/var/log/maillog) carefully and work out at which stage of the configuration the mistake was made.

To implement encryption on a POP3/IMAP server, the server must support it: this can be qpopper (/usr/ports/mail/qpopper, pop3 and pop3s only) or cyrus-imapd (/usr/ports/mail/cyrus-imapd2 and /usr/ports/mail/cyrus-imapd22). Both servers support SSL without additional build-time options; cyrus-imapd also needs cyrus-sasl. After installing and building qpopper, make the following changes in its configuration file (/usr/local/etc/qpopper.config): set the tls-support variable to STLS or to alternate-port. The first value enables the STLS command, so that encrypted and ordinary connections go to the same port, while the second sets up a separate port (995) for encrypted connections. The STLS command should be used only as a last resort, however, because not all current clients support it. The alternate-port value is usually enough, and the tls-identity-file variable must contain the path to the file with the key and certificate. After starting qpopper, the configuration can be checked with the sockstat command, whose output should show port 995 open. Configuring cyrus-imapd is practically the same as configuring qpopper. In its configuration file (/usr/local/etc/imapd.conf), set the tls_cert_file and tls_key_file parameters to the path of the file with the key and certificate, and uncomment the pop3s and imaps services in /usr/local/etc/cyrus.conf. After the server is started, the configuration is checked with telnet (telnet 127.0.0.1 995 and telnet 127.0.0.1 993). If the configuration is correct, telnet will establish a connection; in case of an error, the server returns a message that SSL could not be initialized and drops the connection.

FTP servers

FTP servers are just as poorly protected against interception of transmitted data as mail servers. The user's login and password are sent over the protocol in the clear and can be intercepted. The password is often checked against the system database, so intercepted credentials can be used to gain access to other, more break-in-resistant services that also use the system database (for example, SSH access). Since the FTP protocol standard and existing mail clients do not support any methods of encrypting data and passwords, the use of FTP services should be kept to a minimum and limited to the places where it is absolutely necessary. You should also make active use of IP-based access restrictions for the FTP server and use the chroot mechanism to deny access to any directories other than the working one. For the FTP server built into the system, it is enough to add lines of the form "ftpd : 195.230.89.77 : allow" to /etc/hosts.allow. If you write deny instead of allow, access can be closed for the specified IP address or address range. A firewall can also be used to restrict access by IP address. If proftpd (/usr/ports/ftp/proftpd) is used as the FTP server, use the service name "ftp" instead of "ftpd" when restricting access by IP address. Moreover, the server can be configured to use a separate database for authorizing users, which rules out interception of a password for later access through the protected services. For a separate database, compile proftpd from the ports with the WITH_MYSQL option and make the following changes in the configuration file (/usr/local/etc/proftpd.conf):

# Plaintext: passwords are stored and compared in clear text in the users table
SQLAuthTypes Plaintext
SQLAuthenticate users*
SQLConnectInfo BASE@127.0.0.1 LOGIN PASS
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 100
SQLMinUserUID 500
SQLUserInfo users userid passwd uid gid homedir shell


where BASE is the name of the database on the MySQL server, and LOGIN and PASS are, respectively, the login and password for access to that database. You also need to create the database on the MySQL server, create the users table in it, and grant the user USER access to this database:

CREATE DATABASE BASE; -- create the database
CREATE TABLE users (
  userid varchar(30) NOT NULL default '',
  passwd varchar(80) NOT NULL default '',
  uid int(11) default NULL,
  gid int(11) default NULL,
  homedir varchar(255) default NULL,
  shell varchar(255) default NULL,
  UNIQUE KEY userid (userid)
) TYPE=MyISAM; -- create the table
GRANT ALL ON BASE.* TO USER@127.0.0.1 IDENTIFIED BY 'PASS'; -- add the user

A permitted user's access can be confined to the working directory (chroot) with the directive "DefaultRoot ~": in that case the user's root directory in proftpd will be their working directory, and they will not be able to see other users' directories or system directories. You can also specify exceptions to DefaultRoot by putting a group name with an exclamation mark after the tilde "~", as in "DefaultRoot ~ !stuff"; then users who belong to the stuff group will see all of the server's directories, while for everyone else the root directory will be replaced by the working directory, which they cannot leave. In the built-in FTP server, the list of users whose root directory must be changed to their working directory is kept in the file /etc/ftpchroot (this file does not exist in the system initially and has to be created).

That is the full extent of the FTP server's protection mechanisms, so an FTP server "open to the whole Internet" should be used only where it is appropriate, for example when providing hosting services or a public FTP directory. In all other cases it is better to limit the set of IP addresses from which access is allowed, or to replace FTP with SFTP (one of the programs that make up SSH, which implements the functionality of an FTP server and an FTP client on top of an encrypted connection).

# SECURITY / WWW, Mail, FTP and DNS servers

HTTP servers

The most in-demand service on the Internet and in intranets is the HTTP server. Its uses are extremely broad, from trivial file access to large data management systems and "thin client" architectures. That is why most attacks are aimed at HTTP servers. Attacks on an HTTP server fall into two groups: attacks on the server software, which exploit vulnerabilities in the server itself, and attacks on the content, in which vulnerabilities are sought in the code of the programs executed on those servers (for example, CGI and PHP scripts). Basic authentication, which is found on 99% of sites, is also insufficiently protected against password interception, because the login and password are sent as clear text: the data passed from server to server is not encrypted and can be intercepted by an attacker. The choice of one protection method or another depends on the nature of the stored data and how important it is.

Transmitted data can be protected against interception by using the SSL version of the HTTP server instead of the ordinary one (/usr/ports/www/apache13-ssl; there is no SSL implementation for apache2 in the ports system). Configuring the SSL version of the server is no different from the ordinary configuration: you only need to specify "SSLEngine on" in the server configuration and put the paths to the certificate and key in the "SSLCertificateFile" and "SSLCertificateKeyFile" variables. Such a server must be started with the command apachectl startssl (if you simply enter start, the SSL module will not be activated). The certificate's CN field must match the server name, otherwise the browser will report a field mismatch on every request to a page. Because setting up and maintaining an SSL connection consumes some CPU resources, SSL is best used only where it is really needed: for example, the site can be split into two parts, one holding publicly available information (without encryption) and the other holding restricted information, encrypted with SSL and not open to interception.

There is only one effective way to protect the server itself against attacks: reacting quickly to reports of security problems in the programs you use (apache, php, perl). Keeping the server software updated in good time is also necessary.

One of the most vulnerable points in security is the programs a user runs on the web server (PHP and CGI scripts). An unprofessionally written script becomes a source of problems for the site and, in the worst case, for many sites or for the server as a whole. For example, if a user's program does not validate a file path passed in its parameters, an attacker can open system files or files from a protected area of the server. To protect against attacks of this kind there is the suexec method and a set of safe-mode methods. The first method (suexec) works for CGI scripts: it restricts the script's location in the file system and the privileges the script runs with. The second method (safe-mode) is part of php and restricts the functionality of PHP scripts.

To enable suexec, it is enough to use the User and Group directives in the site configuration to name the user or group under which the CGI script will run.

With suexec enabled, a CGI script must meet the following conditions:

► the user ID must be at least 1000, which automatically prevents programs from being run on behalf of the various services;

► the script's owner and group must be the owner and group named by the User and Group directives in the server configuration;

► the directory containing the script must belong only to that owner and group;

► the script itself and the directory may be writable only by the owner and group;

► the script must be located in the directory specified when the web server was configured (usually /home or /home/htdocs).
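
A pre-flight check for the conditions listed above, as an added Python example that is not from the article and is not Apache's own suexec code. The function name, the messages and the min_uid parameter are assumptions, and the check covers only the article's list, so an empty result does not guarantee that suexec will accept the script.

```python
import os
import stat

MIN_UID = 1000  # lowest owner UID the article allows for a suexec script


def suexec_problems(script, docroot, uid, gid, min_uid=MIN_UID):
    """Return the conditions from the article's list that `script` violates.

    uid and gid are the numeric IDs behind the site's User and Group
    directives; docroot is the directory configured for the web server.
    An empty list means every listed condition holds.
    """
    problems = []
    if uid < min_uid:
        problems.append("uid below minimum")

    script = os.path.realpath(script)  # resolve symlinks before checking
    try:
        targets = [("script", os.stat(script)),
                   ("directory", os.stat(os.path.dirname(script)))]
    except OSError:
        return problems + ["script not found"]

    for label, st in targets:
        # Owner and group must be exactly the configured User and Group.
        if st.st_uid != uid or st.st_gid != gid:
            problems.append(label + " not owned by User/Group")
        # Nobody outside owner and group may have write access.
        if st.st_mode & stat.S_IWOTH:
            problems.append(label + " writable by others")

    # The resolved script path must lie under the configured directory.
    root = os.path.realpath(docroot)
    if os.path.commonpath([root, script]) != root:
        problems.append("script outside document root")
    return problems


if __name__ == "__main__":
    import sys
    # usage: python3 check_suexec.py SCRIPT DOCROOT UID GID
    path, root = sys.argv[1], sys.argv[2]
    uid, gid = int(sys.argv[3]), int(sys.argv[4])
    for line in suexec_problems(path, root, uid, gid) or ["all listed conditions hold"]:
        print(line)
```
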

Unfortunately, the error message is identical whether the script failed through its own fault or through the fault of suexec. To work out which of them is causing the error, it is recommended to disable suexec and try running the script. If the script works, look for the error in the suexec settings; if it does not, the cause probably lies in the script itself.

Your own certificate authority

Useful self-government

To create a protected SSL connection you need a key and a certificate based on that key, which confirms the authenticity of both the key itself and the sender. A certificate for an SSL key you have created can be obtained by officially buying one from one of the well-known trusted certificate authorities (Verisign, Thawte and so on). You can also create a certificate authority yourself and use it to issue as many keys and certificates as you need. Your own certificate authority will be no different from the well-known ones, except that nobody but you will know about it.

To establish trust, the authority's root certificate must be added to the list of trusted certificates on every computer. Such an in-house certificate authority is convenient in small companies where certificates are used within the firm, for example for encrypting mail messages and for digital signatures.

To create the certificate authority we will use the certificate authority script that ships with openssl (the script is located at /usr/share/openssl/misc/CA.pl). The procedure for creating a certificate authority is as follows:

► Create the directory /home/ca, which will hold the certificate authority's files.

► Copy CA.pl into it and give it execute permission.

► Enter the default values in /etc/ssl/openssl.cnf.

► Create the root certificate with ./CA.pl -newca. The password specified when creating the root certificate must be kept, because if it is lost it will be impossible to issue a new certificate.

Note that safe-mode applies only to the script that was started. The script itself can launch any applications and access any data at its own access level (that is, the name apache runs under, usually www or nobody, or the name and group specified for suexec). Unlike suexec, safe-mode allows more flexible control over the restrictions: for example, you can block only the launching of external programs, or allow them to be launched from a particular directory. You can limit the visible area of the disk to the site's directory. Given that the php module executes all PHP scripts under the identity of the apache server, the need to enable safe-mode is obvious: in the ordinary unprotected mode, any PHP script can read the directories of other sites hosted on the same computer, and where write permissions exist (an image upload directory, a forum, a guest book) it can also make unauthorized changes to that data or delete it.


Let us return to the errors in scripts that are critical from a security point of view. For example, if your script receives as a parameter the name of a file to display, then in the absence of any check an attacker can obtain any file by giving its full path as an absolute name (for example, /etc/passwd) or as a relative one (../../../../../../../etc/passwd). A script that performs such actions must therefore be able to check the directory the files are taken from and to convert a relative path into an absolute one, in order to verify whether opening the requested file is permitted. If the program accepts data from a form, make sure an attacker cannot insert extra HTML tags. For example, if tags are not checked for, an attacker can insert javascript that makes it possible to obtain data from the computer of a user or administrator. This is especially relevant when sessions are used: having obtained the administrator's session identifier, any attacker can easily become the administrator without even having the corresponding login and password. Therefore, when working with sessions, check the IP address from which the user originally arrived and cut off attempts to access that session from other IP addresses.
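
The three checks this paragraph calls for (resolving the requested path and confirming it stays inside the allowed directory, escaping form input, and tying a session to the IP address that opened it), as an added Python example that is not from the article. The function and class names are assumptions; the article's own scripts would be CGI or PHP.

```python
import html
import os
import secrets


def resolve_inside(base_dir, requested):
    """Return the absolute path for `requested` if it stays inside base_dir.

    The request is joined to the base, symlinks and ".." are resolved, and
    the result must still lie under the base directory; otherwise None.
    """
    if "\0" in requested:  # a NUL byte is never part of a legitimate name
        return None
    base = os.path.realpath(base_dir)
    # os.path.join drops `base` when `requested` is absolute ("/etc/passwd"),
    # so absolute names are caught by the containment test below.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def render_comment(text):
    """Escape form input so that tags reach the page as text, not markup."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


class SessionStore:
    """In-memory sessions bound to the IP address that created them."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, client_ip):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = (user, client_ip)
        return sid

    def user_for(self, sid, client_ip):
        """Return the user, or None (dropping the session) on an IP mismatch."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_ip = entry
        if client_ip != bound_ip:
            # The identifier was presented from another address: treat it as
            # stolen and invalidate it for everyone.
            del self._sessions[sid]
            return None
        return user
```
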


When creating an administrator interface on a site, restrict access to it by IP address wherever possible, to reduce the likelihood of the password being guessed or of a login from an unauthorized address using an intercepted password. IP-based protection is set up with the allow and deny instructions. The apache HTTP server implements two behaviour policies, "everything that is not allowed is forbidden" and "everything that is not forbidden is allowed", which are selected by the keyword "order". The policy "everything that is not allowed is forbidden" (Order deny,allow) is used for resources that may be accessed only from particular IP addresses. The policy "everything that is not forbidden is allowed" (Order allow,deny) is used to prevent DoS attacks that lead to the service being knocked out. The lists of hosts that are granted or denied access are given in the Allow and Deny keywords. The parameters can be single IP addresses as well as networks, with the network mask given after the "/" character.

DNS servers

Domain name servers, which form the foundation of how the Internet functions, are in most cases not themselves a way into the system, but they can be used by attackers to obtain information about the configuration of the network and servers.

Your own certificate authority (continued)

Now that the certificate authority has been created, the file cacert.pem should be placed somewhere accessible, from where it can be fetched by the users who will be using the certificates issued to them.

For convenience on Windows, the file should be given the extension .crt; in that case the certificate will be recognized automatically.

To create a new key and certificate, carry out the following steps:

► Create the key by running the special script ./CA.pl -newreq. After you answer the questions, the file newreq.pem will be created, containing the password-protected key and the certificate request. Note that if the certificate is going to be used for a server, the Common Name (CN) field must contain the name of the server or service the certificate will be used for (for example, mail.domain.ru).

► Once the request has been made, the certificate has to be created. To do this, run the ./CA.pl script again with the -sign parameter and, after entering the password for the root certificate, create the certificate. The resulting certificate will be in the file /etc/ssl/newcert.pem.

The created certificate contains signatures in the Netscape format (Netscape being the company that developed this open encryption protocol), which should be removed, because most systems do not support these headers and cannot load the certificate. The key obtained in the first step is in encrypted form; some servers require the key to be decrypted. The key can be decrypted with the following command: "openssl rsa -in enc.key -out dec.key". The key will be decrypted and ready for use by the various services.

By default the DNS server runs as the user root and has access to the entire file system. If the server is broken into, the attacker gains full control over the server and can use the computer for their own purposes. To prevent this, run the DNS server in a chroot environment and not as the user root. To meet these conditions, add the named_flags parameter to /etc/rc.conf with the following options: "-u bind -t /etc/namedb -w /". If the machine hosts a secondary name server (Secondary DNS), the directory in which the server stores the zone files loaded from the primary server must be writable by the user bind.

To prevent information about the configuration of the network and servers from being obtained, remove from the zone configuration files all records except SOA, A, PTR, NS and CNAME, which are the ones used for the operation of the DNS server. It is also necessary to forbid transfer of the zone file to everyone except the secondary servers, because an attacker who obtains the zone file learns the names and IP addresses of all the servers listed in that zone. To do this, add the parameter "allow-transfer { ip1; ip2; ip3; };" to named.conf, where ip1, ip2 and ip3 are the IP addresses of the secondary servers. On the secondary servers, forbid zone transfer by specifying "allow-transfer { none; };". If the server is used only to serve DNS zones on the Internet, disable recursive queries on it to save traffic by adding the parameter "recursion no;" to named.conf. If the server serves a local network, recursive queries should be allowed only for that network; this can be done with the parameter "allow-recursion { net/mask; };" (for example, allow-recursion { 192.168.123.0/24; };). If records from the zone should be queried only from a particular network or networks (for example, a local network server), use the parameter "allow-query { net/mask; };" to set the network for which queries are allowed (by default, queries are allowed from everywhere). If the DNS server serves both the local network and the Internet, it is undesirable for the Internet-facing zone to list the names and addresses of computers on the local network. It is better to put the DNS servers for the local network and for the Internet on different computers, or to create a separate zone for the internal network (for example, for the domain domain.ru the zone might be office.domain.ru) and allow queries only from the local network (using allow-query). Configuring the DNS server in this way strengthens the protection of the company's servers in the event that an attacker tries to obtain information about the network and servers.

Protected environments for programs

A chroot or jail environment is often used to strengthen protection. Using these methods strengthens the protection of the data served by the server, and also helps withstand attempts to bring down the whole server and to gain access to the other services running on it. Both methods work on the same principle: they build a protected environment around a running process or processes.

The chroot method changes the root directory (/) to the one specified before the program is started, so an attacker who breaks into a program running in such an environment can reach only the services and data that were started in that environment. But this method has its drawbacks too: most programs are compiled to use dynamic libraries (/usr/lib* and /usr/local/lib*), and chroot replaces the root directory before the program starts; consequently the program, failing to find the libraries it needs, simply will not run. To avoid this, either build the program without dynamic libraries or copy the required libraries into the program's working directory, recreating the same directory structure for the libraries there. The list of libraries a program uses can be obtained with the command "ldd program_name". You may also need some other data and programs for the service to work normally under chroot, but these can only be found by trial and error while testing the environment. However, chroot protects only the file system, leaving memory, network connections and system calls unprotected. For example, an attacker who has gained access to the system can modify the firewall rules or load a program that scans the network or intercepts passwords and data.

The jail method is free of the drawbacks described above: it sets up a protected environment like chroot, but also protects memory, network interfaces and system calls. It is true that each jail environment requires a separate IP address for its own use. For this reason jail is more often used to create a virtual FreeBSD computer in which services run. For example, on a powerful computer you can run several different servers at the same time (a mail server, an HTTP/FTP server, an access server) that can interact with each other only over the network. The disk and address space of such a computer will be partitioned, yet a possible break-in to one of the running jail environments will have no effect on the operation of all the others: system calls capable of changing the state of the whole system will be blocked, which means that even a user with root privileges inside such an environment cannot change the firewall rules, "sniff" the network or format the disks. If jail is used as an extended form of chroot, it is configured in the same way as a chroot environment. The format for starting a jail is: jail "full path to the working directory" "server name" "IP address for the jail" "command or program". If jail is used to set up a virtual computer, the system source code (located in /usr/src) is needed to configure it. To configure a jail, carry out the following steps:

► Manually create the directory that will hold the jail (for example, /home/jail)

► Change to the /usr/src directory

► Run "make world DESTDIR=/home/jail"

► Run "cd etc ; make distribution DESTDIR=/home/jail"

► Copy /stand/sysinstall to /home/jail/sbin/sysinstall

► Run "jail /home/jail jail_HOSTNAME jail_IP /bin/sh" (at this step the jail is started in configuration mode)

► Create an empty /etc/fstab file

► Change to /etc/mail and run the "make" command there

► Add the line network_interfaces="" to /etc/rc.conf

► Enter the DNS settings in /etc/resolv.conf

► Run /sbin/sysinstall and configure the time zone.

► Set the password for the user root and create as many users as needed.

Bee, Jail HacipoeH. ero aanycKa HaAO Bbino/iHMib KOMaHAy «jail 
/home/jail JaiLHOSTNAMEjaiLIP /bin/sh /etc/rc», noc/ie Hero BMpiy- 
a/ibHbiM KOMnbfoiep 6yAei aanymeH m Ha Hero mo>kho 6yAei aaMTM no 
aaiAMiAeHHOMy SSH-iynne/iK), Hio6bi Bbino/iHMib Aa/ibHeMmyfo kohc|dm- 
rypauMfo m yciaHOBKy neodxoAMMbix nporpaMM. 

■ ■ ■ HviKOJiaM TojiKaMeB 
# OPERATION / installing updates

Recreating the world

Compiling the OS from source code

Today's world lives on "Internet time": a system's protection can be broken by attackers within a few hours of the publication of information about a potential vulnerability in it. That is why every operating system is under continuous development, and users must constantly keep it up to date.


No operating system vendor denies this need. Microsoft releases periodic updates in the form of Service Packs for Windows users. Updates for individual Windows and Macintosh applications appear within a few days of a problem being discovered. A similar update mechanism is implemented in Linux. FreeBSD can also be maintained in a similar way. But since its users have access to the source code of the OS, maintenance is also possible with more convenient methods.

Major FreeBSD versions (4.0, 5.0) come out at intervals of one to two years; intermediate ones (3.4, 4.1.1) appear, as a rule, every three to six months. But however often updates appear, from the point of view of an administrator responsible for protecting the system this is still too rare. To update the system "in real time", you can use the methods that FreeBSD provides: CVSup and make world.

Tracking the FreeBSD source code

The simplest and most common way to update is to wait for a new official version of the system. However, this is too slow a solution. To keep up with the times, you need to follow the source code of the system and the applications.

The FreeBSD source tree is kept in a CVS repository, which is available on several mirror servers. With the right tool, this repository can be synchronized with a local one.


CHIP SPECIAL No. 8/2004




Two branches of the source code

The FreeBSD source code is in a state of constant change. Numerous developers fix the bugs that are found, eliminate vulnerabilities, update utilities and add new features. Several branches of the source tree are maintained in parallel, and only two of them are permanently under active development: the Current and Stable branches.

The Current branch is the most recent version of the system source code. It is intended mainly for developers and beta testers, and also for those who need new system features immediately and without any alternative: support for particular devices or software updates.

At a certain point in development (usually after the first release of the operating system) the Current version starts to be considered stable. After this stage the branches of the source tree shift upwards: Current now denotes the newest, topmost branch, and Stable denotes the former Current branch.

Before building the system

It must be noted that building the system from source, especially on an actively working server, carries the risk of destroying the existing system, losing files or even crashing the file system. So the first thing to do before updating the system is to back it up.

One of the long-proven ways of using CVS for synchronization is to install the ported application cvsup-without-gui:

# cd /usr/ports/net/cvsup-without-gui
# make install clean

Next, you need to prepare the configuration for synchronizing the source code. This configuration is done once and afterwards runs automatically. To update the system source code with CVSup, create the file /etc/cvsupfile and enter roughly the following into it in a text editor:

*default host=cvsup1.ru.freebsd.org
# (this is a Russian mirror of the main tree)
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_4
*default delete use-rel-suffix
src-all
*default tag=.
ports-all
doc-all

The line with the version tag has to be changed according to your system and to which branch of the source code you want to obtain. For example, the following line fetches the source code for version 4.10-RELEASE:

*default tag=RELENG_4_10_0_RELEASE

The source code of the chosen branch can now be obtained with a simple command:

# cvsup -g -L 2 /etc/cvsupfile

Once it has finished, you will have the latest version of the source code.

Build options

The file /etc/make.conf is the global configuration file that controls everything make world does. A freshly installed FreeBSD system does not have this file, but it does have an example file, /etc/defaults/make.conf, which contains all possible default settings and is used when /etc/make.conf is absent.

Usually everything in it can be left as it is, but in some cases certain parameters will have to be changed, which can speed up the work considerably or fine-tune the system build process.


Troubleshooting

Getting CVSup to work

► CVSup cannot connect to the chosen server. The message "Connection refused" is displayed. To solve this problem, choose a different CVS server in the configuration file /etc/cvsupfile. The higher its number (for example, cvsup5.ru.freebsd.org), the less loaded it should be.

► CVSup connects, but nothing happens. Your network connection may be protected by a firewall. Make sure that it lets through connections on port 5999, which CVSup uses.

► The /usr/src directory was completely deleted after synchronization! This can happen if you specified an incorrect tag in the /etc/cvsupfile file. The point is that on connection the server simply returns the contents of the CVS tree for the chosen branch, and if the branch is given as a non-existent value, you get no result. Correct the tag and run cvsup again.


First, create the file /etc/make.conf (if it does not exist yet):

# touch /etc/make.conf

Now add to it some parameters recommended by the FreeBSD Handbook:

CFLAGS= -O -pipe
NOPROFILE=true

You can also add some options that exclude part of the applications you do not use:

NO_I4B=true # if you do not work with ISDN
NO_LPR=true # if there is no printer
NOGAMES=true # if you have no time for games
NOUUCP=true # remove the obsolete uucp
NO_MODULES=true # do not build modules together with the kernel

The same file can also hold cvsup rules and conditions for more convenient synchronization of the source code (after that, the system can be updated by changing to /usr/src and running the command make update):

SUP_UPDATE= yes
SUP= /usr/local/bin/cvsup
SUPFLAGS= -g -L 2
SUPHOST= cvsup5.ru.freebsd.org
SUPFILE= /etc/stable-supfile
PORTSSUPFILE= /etc/ports-supfile

Here we have split the single cvsup configuration file into two: one with the rules for synchronizing the system source code and one for the ported applications. The contents of these configuration files could be, for example, as follows:

/etc/stable-supfile

*default host=cvsup5.ru.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_10
*default delete use-rel-suffix
*default compress
src-all

/etc/ports-supfile

*default host=cvsup5.ru.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress
ports-all
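The troubleshooting note earlier warns that a wrong tag in the supfile can leave /usr/src deleted after a sync. The following check is an added example, not part of the original article or of CVSup: it lints a supfile for malformed tags before cvsup is run. The names check_supfile, write_samples and demo and the sample files are constructed for illustration, and it catches only tags of the wrong shape, not well-formed tags that do not exist on the server.

```shell
#!/bin/sh
# Added example: lint a CVSup supfile before cvsup is run with "delete" enabled.

# check_supfile FILE
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_supfile() {
    awk '
    # Store "key=value" (or a bare flag such as delete) in array a.
    function put(a, tok,    p) {
        p = index(tok, "=")
        if (p) a[substr(tok, 1, p - 1)] = substr(tok, p + 1)
        else   a[tok] = ""
    }
    # Tag shapes that appear on the page: RELENG_4, RELENG_4_10,
    # RELENG_4_10_0_RELEASE, and "." for the head of the tree.
    function src_tag_ok(t) {
        return t == "." || t ~ /^RELENG_[0-9]+(_[0-9]+)*(_RELEASE)?$/
    }
    function report(msg,    note) {
        note = ("delete" in cur) ? " [delete is on: local files are at risk]" : ""
        printf "%s:%d: %s: %s%s\n", FILENAME, FNR, $1, msg, note
        bad = 1
    }
    BEGIN { split("", def); split("", cur) }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines and comments
    $1 == "*default" {                    # defaults for all later collections
        for (i = 2; i <= NF; i++) put(def, $i)
        next
    }
    {                                     # a collection line such as src-all
        split("", cur)
        for (k in def) cur[k] = def[k]
        for (i = 2; i <= NF; i++) put(cur, $i)
        if (!("host" in cur))
            report("no host in effect")
        # Assumption of this example: every supfile on the page sets a tag,
        # so a missing one is reported as well.
        if (!("tag" in cur))
            report("no tag in effect")
        else if ($1 ~ /^(ports|doc)-/ && cur["tag"] != ".")
            report("tag=" cur["tag"] " found, expected tag=.")
        else if ($1 ~ /^src-/ && !src_tag_ok(cur["tag"]))
            report("malformed tag \"" cur["tag"] "\"")
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_samples DIR: constructed supfiles for the demo (not real site configs).
write_samples() {
    cat > "$1/stable-supfile" <<'EOF'
*default host=cvsup5.ru.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_10
*default delete use-rel-suffix
*default compress
src-all
EOF
    cat > "$1/typo-supfile" <<'EOF'
# constructed: a stray space has broken the tag
*default host=cvsup5.ru.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELEN G_4_10_0_RELEASE
*default delete use-rel-suffix
src-all
ports-all
EOF
}

# Demo: gate the cvsup run on the result of the check.
demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in "$d/stable-supfile" "$d/typo-supfile"; do
        if check_supfile "$f"; then
            echo "ok: would run: cvsup -g -L 2 $f"
        else
            echo "refusing to run cvsup with $f"
        fi
    done
    rm -rf "$d"
}
demo
```
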

Building the system from source code

After the source code has been updated, the whole system is built with make world. It provides the necessary precautions that are usually unavailable when installing binary (compiled) files from a CD. For example, if there are any problems with the source code, this becomes clear already at the compilation stage, and so the updated and installed system will not become unusable at some later point.

Building the system with make world consists of four main stages: building and installing the applications of the base system, then building and installing the kernel.

make buildworld
make installworld
make buildkernel
make installkernel

Now the /usr/obj directory has to be cleaned. This step is not required if make world is being run for the first time. If it is not, all files must be removed from /usr/obj. This speeds up the process and also prevents possible conflicts.

The /usr/obj directory holds the object files used in the build. They cannot always be removed with rm -rf, because the system build creates files with the schg ("system immutable") flag set, which cannot be deleted even by the root user. This precaution is aimed at preventing accidents such as, for example, rm -rf .*.

To clean this directory correctly, use the following sequence of commands:

# cd /usr/obj
# chflags -R noschg *
# rm -rf *

make buildworld

Now everything is ready for building the system. Change to the /usr/src directory and start the first stage of make:

# make buildworld

The buildworld process takes several hours (depending on the hardware), so do not start it if you are short of time. It can be sped up a little with the -j4 option, which runs four processes at once. On a machine with several processors even higher performance can be achieved by using option values of up to 10.

The build process walks recursively through the /usr/src directory in alphabetical order. As soon as you see that something like /usr/src/usr.sbin is being compiled, you can consider the process close to completion.

Updating the kernel

If your system runs the Generic kernel (the default), building the kernel is fairly simple:

# make buildkernel
# make installkernel

If the kernel name differs from the default, the recompilation process looks slightly more complicated:

# make buildkernel KERNCONF=core
# make installkernel KERNCONF=core

Naturally, the word core has to be replaced with the name of the kernel you use.

After the kernel has been built and installed, you must reboot for the changes to take effect.

Inspector Mergemaster

One last step remains: bringing the new versions of the configuration files into the /etc hierarchy (and some other areas, for example /usr/share). The make world process itself makes no changes in /etc, so that configuration files that were set up earlier are not lost. The files in the /etc directory are merged with their new versions using the standard mergemaster utility.

For this reason it is recommended to back up the /etc directory. This can be done, for example, with the command:

# cp -Rp /etc /etc.old

Next, run mergemaster with the -p parameter (before building the system):

# mergemaster -p

mergemaster first creates the temporary directory /var/tmp/temproot and installs into it all the necessary files from the source code. The program shows the list of files that are present in /etc and absent from the chosen temporary directory. Then these files are compared. When differences are found, the output of the diff command is displayed on the screen, using the pager set in the PAGER variable or the default one, more. When you scroll to the bottom of the diff output, the program asks what to do with the new file. By default mergemaster takes no action and leaves the file in the /var/tmp/temproot directory so that changes can be made by hand later.


If you choose the m command to merge the two files, the program switches to sdiff mode. In it the two versions of the changed file are shown line by line, which lets you pick the information you need from the old or the new file.

Sometimes lines look identical because the difference simply did not fit on the screen. In that case mergemaster can be run with the -w option, which sets the screen width:

# mergemaster -p -w 120

After all files have been compared, mergemaster asks for confirmation to delete the entire contents of the /var/tmp/temproot directory. If you have left some files for further manual handling, choose "No".

The last stage is installing the new, freshly built system:

# make installworld

After that, mergemaster has to be run once more, this time without parameters. Once it has finished, the system can be rebooted.

Rebooting the system after the update

Now ask yourself a series of questions:

► Have you synchronized the system with the latest version of the source code?

► Have you run buildworld?

► Have you compiled the kernel?

► Have you run installworld?

► Do utilities such as ps and top work?

► Did the merge of the files in the /etc directory with their new versions go correctly?

If the answer to all the questions is "yes", the system can be rebooted. Now check the system version number with the uname command:

# uname -a

It prints the number of your FreeBSD version, the number of the so-called "patch level" and the name of the kernel that was built, for example:

FreeBSD core.firma.ru 4.10-RELEASE-p23 FreeBSD 4.10-RELEASE-p23 #8: Mon Jun 14 16:41:41 KRAST 2004 root@core.firma.ru:/usr/obj/usr/src/sys/core i386

Alternative update

Patches by mail

In some cases it is much more convenient not to update the whole system from source but to follow the changes as they appear by subscribing to the mailing list freebsd-announce@FreeBSD.org. When there are changes, you receive an e-mail message describing the vulnerability that was found, recommendations for eliminating it and, where necessary, links to the required patch. In the latter case you will need to download the patch and run the following commands to apply it:

# cd /usr/src
# patch -p0 < /path/to/patch

where /path/to/patch is the name of the patch with the full path to it. After applying the patch, the system has to be rebuilt following the recommendations given in this article.

Updating ported applications

It is no secret that vulnerabilities may also be found over time in applications installed from the FreeBSD ports system. Applications may also gain additional features that you might need. Applications can be updated by removing the old ones and installing the new ones, but there is a simpler and more convenient method: using portupgrade, one of the ported utilities. Let us install it:

# cd /usr/ports/sysutils/portupgrade
# make install clean

Using this utility is very simple. Suppose we need to update the Midnight Commander application:

# portupgrade mc

The application will be updated to the latest version listed in the ports system. The portupgrade utility has several more useful options, which you can read about in the manual pages (man portupgrade).

■ ■ ■ Aleksandr Solovkov
# OPERATION / working with the console

FreeBSD administration commands

Every FreeBSD user in the SOHO sector is the administrator of their own machine, and among the user interfaces of Unix systems the command line still reigns. So if FreeBSD is your choice, you cannot avoid getting to know the console administration commands.


Operating systems of the Unix family, extremely popular as server and industrial systems, have recently been moving into the SOHO area. FreeBSD is not lagging behind its relatives: in the pursuit of end-user loyalty the installation process has been simplified to the limit; the list of supported hardware and software is growing adequately; a graphical interface starts automatically when the computer boots. But although a convenient GUI is becoming the norm for Unix-like operating systems, you still cannot do without the command line. Graphical applications are only a modest addition to the console utilities: as before, any task in FreeBSD can be solved from the command line without resorting to window managers. In some cases there is no way around the console at all, since many Unix programs have still not acquired a graphical interface. The same can be said of working with other machines over the network: despite the existence of utilities for controlling a remote graphical desktop (VNC, for example), working with the console turns out to be simpler, faster and, when commercial data links are used, also cheaper for the user. It should also not be forgotten that an essential difference between FreeBSD and Microsoft's operating systems is still the status of the machine's owner. In the Unix world the owner is not just a user but the administrator of the system. What the Windows family of operating systems tries to do by itself, guided by the needs of the "ideal average user" for whom it was designed, the FreeBSD user-administrator configures personally, taking into account their own needs and tasks as well as the needs of their users (if there are any, of course).

So in FreeBSD you still cannot do without knowing the console commands, and first of all the console utilities for system administration. Let us look at the standard tasks of an administrator and the console tools that help solve the problems that arise.

Help comes first

Even the most experienced Unix administrator cannot remember the syntax of every console command. An ordinary user only needs to master the basic console commands in order never to get "lost" on the command line, provided they know how to use the FreeBSD help system. Its main program is the man utility. It is probably the most popular command among novice FreeBSD users, but Unix "gurus" do not disdain it either. By passing the names of utilities and programs to this program as an argument, you can get the reference information you need about them. For example, the following command displays help on the pwd program:

$ man pwd

Part of the reference material is stored in the GNU info hypertext help format. The man pages of such programs directly recommend using the info help system, passing as an argument the name of the program you need help on. For example, to get hypertext help on the emacs editor, enter the following command:

$ info emacs

Often the user does not know exactly which program is needed to solve the task at hand. In this case the apropos command helps: it searches the descriptions of the help files for the keyword passed to it as an argument. For example, to get a list of the help pages for programs that are in one way or another related to FreeBSD operating system processes, enter:

$ apropos process

The whatis program lets you find out what a given command is for by printing its short description. This is how, for example, you can find out what each program in the /usr/bin directory does:

$ cd /usr/bin; whatis *

Managing consoles

FreeBSD is a multi-user, multitasking operating system; consequently, several users can work with it at the same time, running different processes simultaneously. Having several virtual consoles on one physical machine makes such tasks much easier. By default FreeBSD boots with eight virtual consoles. You can switch between them with the key combinations Alt-F1, Alt-F2 and so on up to Alt-F8. The virtual consoles are configured in the /etc/ttys file, where they are defined by the keywords ttyvX. This configuration file can be edited as the superuser with a simple command:

# ee /etc/ttys

The kbdcontrol utility configures various parameters of the keyboard driver in the virtual console. You can, for example, change the character repeat rate when a key is held down, switch off the system beep or change the keyboard layout. This command turns off the annoying beeper:

# kbdcontrol -b off

The vidcontrol utility is responsible for configuring the standard output of the console. With it you can, for example, change the video mode from the standard 80x25 characters to any other, change the background and font colour of the console, change the font itself, take a screenshot of the console and much more. The following command sets the 80x50 character video mode and a green console font colour:

# vidcontrol 80x50 green

And this is how you can look at what is going on on the third virtual console:

# vidcontrol -P < /dev/ttyv3

Figure caption: Drive parameters are stored in the /etc/fstab file

File system utilities

In FreeBSD, before you can access information on hard disks, CDs, DVDs or any other media, they must first be mounted at a particular mount point in the file tree. Local partitions are usually mounted by the operating system automatically at boot. For this FreeBSD uses the configuration file /etc/fstab, which lists the file system types on the devices, their mount points and their mount parameters.

To mount devices manually, the mount command is used. Its arguments must specify the name of the device to be mounted, the type of file system on it, the mount point and, if necessary, additional parameters. For example, a medium can be mounted in read-only mode to avoid changing the data on it by mistake. The following command mounts a floppy disk at the point /tmp/floppy:

# mount -t msdos /dev/fd0 /tmp/floppy

To remove a device from the computer correctly and without data loss, it must first be unmounted with the umount command, passing the mount point as a parameter. The operating system flushes all unsaved information from the cache to the device and, where possible, stops the device.

# umount /tmp/floppy

The fdisk program is used to administer the partitions (slices) of a hard disk. With it you can get information about the existing partitions on the hard disk, and create and delete them. Run without parameters, fdisk displays information about the configuration of the current hard disk:

# fdisk

After a partition has been created, it must first be given a label with the bsdlabel command. Then the newfs utility can be used to create a new UFS file system on it. If only the disk name is passed to bsdlabel as a parameter, information about the current label on the partition is printed:

# bsdlabel /dev/da0s1

The newfs utility has many command-line options that change the default parameters of the file systems being created. If only the partition name is given in the arguments, the file system is created with the standard parameters:

# newfs /dev/da0s1

Some of the parameters that could be specified when the file system was created can be changed later with the tunefs command. Running tunefs with the -p switch prints the current values of the parameters that can be changed:

# tunefs -p

Information about all the parameters of the file systems on hard disk partitions in FreeBSD can be obtained with the dumpfs command.

# dumpfs /dev/da0s1

The growfs utility increases the size of a file system partition. The following command grows the partition /dev/vinum/testvol to two gigabytes (the partition size is given in blocks):

# growfs -s 4194304 /dev/vinum/testvol

The fsck utility is used to check a file system for errors. It is the main tool for keeping FreeBSD file systems in working order. Without parameters fsck checks the partitions listed in the /etc/fstab file.

# fsck

The df command displays the size of each partition mounted in the system, the amount of free space and the total size of the files on each of them.

$ df -h

The du utility performs similar functions: with it you can work out how much space a given directory occupies on the medium, or each of the subdirectories of the specified directory. With the -sh switch, for instance, you get the total size of all files in this directory and in all of its subdirectories:

$ du -sh

Managing processes

Every program started in FreeBSD is one or more processes in the computer's main memory. By starting a program the user spawns a process, which in turn can spawn other processes. Alongside user processes, several system processes that keep FreeBSD functioning are permanently resident in the machine's memory. Since processes can "hang", consume too many resources or cause conflicts, there is a set of commands for managing them.

The ps command prints the list of processes currently running in the system. By default ps shows the processes belonging to the user who ran it.

$ ps

The top utility is a counterpart of the ps command. Without additional command-line arguments, top displays a list of all processes in the system, sorted by the percentage of CPU load caused by each process.

$ top

All processes have identification numbers: PIDs. By passing the numbers of their own processes as arguments to the kill command, users can terminate them. The superuser can terminate any process of any user in this way, including system processes.

The following command terminates the process with number 137 (that is, it sends the process signal 9, sigkill).

$ kill -9 137

The killall command terminates a group of processes by name: for example, the following command stops all processes of the Apache web server:

# killall -9 httpd

However, treating processes this way is an emergency measure and should be used only as a last resort, for example when further execution of a process threatens the stability of the system as a whole. Many programs have standard ways of shutting down, and those are what you should try to use first.

By passing other signal numbers in the arguments to the kill and killall commands, you can influence the operation of processes in different ways. For example, on receiving signal 1 (sighup), processes usually re-read their configuration files:

# kill -1 2087

The jail command creates a FreeBSD virtual machine for a process. The user "locks" the process inside this virtual machine by passing, as command-line arguments, its name, its IP address, and the directory of the main file system that will serve as the root for that process and all of its child processes. In this way, users on a single computer can be given the illusion of working on dedicated machines. For a process to run successfully inside a jail, a standard set of FreeBSD distribution files must be prepared for it in advance and placed in the directory that serves as the root for the jail process. Full instructions for preparing to create a jail process are given in the jail manual page:

$ man jail


Basic commands

The foundation of console work

Although most basic console programs have graphical counterparts, knowing the syntax of their console versions is simply essential. Here is a short list of the main console commands.

List the files in the current directory:

$ ls -F

Detailed listing of the current directory:

$ ls -l

Current directory:

$ pwd

Change the current directory:

$ cd directory

Copy a file:

$ cp file directory

Rename or move a file:

$ mv file directory

Delete a file:

$ rm file

Change the owner of a file:

$ chown user:group file

Change the access permissions of a file:

$ chmod permissions file

Help on commands and installed programs:

$ man command

View a file:

$ less file

Edit a file (the difference is in the text editor used):

$ ee file
$ vi file

Find a file:

$ find mask

Search for a substring in files:

$ grep substring mask

Switch the current user:

$ su user

The cron utility runs programs at set intervals according to a schedule. It is the FreeBSD task scheduler. The superuser adds new jobs to the system-wide schedule file /etc/crontab, which the cron daemon re-reads periodically. Users can create job files in their home directories and then hand them to the cron service for execution with the command:

$ crontab schedule_file

Working with users

Even if a FreeBSD computer is used by only one person, several user accounts exist in the system by default: the main working user account, the superuser account, and system accounts needed for the correct operation of some programs and system utilities. The list of all users of the system can be seen by displaying the account file /etc/passwd:

$ less /etc/passwd

The description of each system account in this file states what the system uses it for. Another way to get the list of users is to turn to the powerful pw utility, which is used to administer accounts and groups in the system. The following command is equivalent to the previous one, but uses the pw utility to print the list of users:

$ pw user show -a

With the pw utility the superuser adds, edits and deletes accounts and groups. To create a new user, call pw with the useradd parameter and the account name as the second argument; to delete a user, use the userdel parameter; to modify one, use the usermod parameter. Similar parameters are used to add, modify and delete user groups: groupadd, groupmod and groupdel respectively. For example, the following console command creates the user simpleuser:

# pw user add simpleuser -c "Simple User" -d /home/simpleuser -s /bin/csh

FreeBSD also has alternative commands for working with accounts. The adduser command is interactive and lets the administrator create users in dialog mode:

# adduser

With the interactive rmuser command the superuser can delete accounts that are no longer needed:

# rmuser user_name

Like adduser and rmuser, the chpass command gives the administrator an interactive interface for changing account parameters:

# chpass user_name

Every user can change their own password with the simple passwd command, called without parameters. The superuser also uses this utility to change the passwords of other users of the system, giving their names as the first parameter:

# passwd user

The who command prints the list of users currently working with the system; for remote users the IP address of their machine is shown:

$ who

For forgetful users there is the following command:

$ who am i
$ ftp ftp://user:password@ftp.freebsd.org:21/pub/

The telnet command provides console access to a remote machine over the network using the telnet protocol. The command takes the name or address of the remote machine as its parameter. If the remote user name differs from the local user name, the remote account name must be given to the command with the -l option:

$ telnet -l user remote_server

The ssh program is similar to the telnet command, but uses the more secure SSH protocol for remote access. Using ssh is preferable because, unlike the telnet utility, which sends the user's password over the network in clear text, ssh encrypts the user's password before sending it to the server:

$ ssh user@remote_server

The scp program transfers files between machines on the network over the SSH protocol. Using scp is preferable to using the ftp program for the same reason that ssh is better than telnet: scp sends both the authorization information and the copied files over the network in encrypted form. Examples of using scp:

$ scp local_file user@remote_server:remote_directory

$ scp user@remote_server:remote_file local_directory

Rebooting and shutting down the computer

FreeBSD, like other modern operating systems, does not like the computer being switched off without warning. Before the power is turned off, all user and system processes must be terminated in the regular way: the former so that, as far as possible, important data that is being edited is not lost, the latter so that no lock files are left behind at the next start and all system components start correctly. File systems must be unmounted so that information still in the cache and not yet written to the medium itself is not lost. The console commands halt and reboot are used for a regular shutdown of FreeBSD. Called by the superuser without parameters, the halt command shuts the operating system down correctly and turns the computer off, and the reboot command restarts it:

# halt

# reboot

The shutdown command gives the superuser more options: it can tell the system to perform a delayed reboot or power-off, and it can carry a message that is sent to the consoles of all users to inform them of the upcoming server shutdown and of the need to finish all work with the system. The following form of the shutdown command stops FreeBSD after ten minutes and powers the computer off, first sending a warning to all users:

# shutdown -p +10 Finish your tasks in 10 minutes, the server will be halted

Conclusion

This is far from a complete list of the console commands that a FreeBSD administrator may need in everyday work and system configuration. But knowing the basic principles of how the OS works as a whole, and using the manual pages, a user will no longer feel like a stranger at the command line. Although a graphical interface is often more convenient and easier to follow, working with applications in the console is faster and, in some situations, more reliable. So there is no need to fear or avoid the command line. To work successfully with FreeBSD, the console must become the administrator's friend.

■ ■ ■ Aleksandr Yuryin


Disk quotas

One ration per person

The well-known built-in disk quota mechanism of FreeBSD deserves a mention. With quotas the administrator can limit the disk space used by individual users or by groups of users. Quotas must be enabled at the kernel level. In the system configuration file /etc/rc.conf the variable enable_quotas must be set to "YES", and in /etc/fstab the userquota and groupquota parameters must be added to those file systems that need this mechanism.

To assign the quotas themselves, use the edquota command, passing it the -u option and the name of the user who is to be given limits (or, correspondingly, the -g option and the name of a group).

# edquota -u user_name

The edquota command opens the default editor, which lists the standard disk space limits for each file system that has quota support enabled. These values can be changed if necessary. The new quotas take effect as soon as the editor is closed. The effect of the quotas can be checked with the quota command, passing it a user name as the argument or (with the -g option) a group name:

# quota user_name
# OPERATION/_ remote administration


Intervention at a distance

SSH basics

One of the main advantages of Unix servers is that they can be administered remotely even over very slow links. Following the philosophy of working and administering through the command-line interface guarantees that you will be able to perform any action needed to manage the server.


Originally, telnet and the rlogin, rsh and rcp program suites were used to perform actions on remote Unix machines. The security of these products, created a very long time ago, rested on the principle of protecting the network transport. Time has shown that someone else's IP address can be "stolen", that a client can be redirected to an attacker's host by compromising a DNS server or a router, that traffic can be "listened to" from the same network segment through which the packets travel from client to server, and finally that information can even be picked up remotely straight from the network cable by reading its electromagnetic emissions. That is why the de facto standard for administering Unix servers today is SSH, the Secure SHell, which provides all the advantages of SSL and many additional capabilities.

Below we look at the main features of SSH, using as the example the freely distributed OpenSSH package (http://www.openssh.org), which is now present in all distributions.

Traffic encryption with cryptographically strong algorithms

Using "weak" algorithms is possible, but the server administrator usually forbids it in order to guarantee reliable encryption of the transmitted data. The user can choose between the standardized 3DES, the fast Blowfish, and the rarely used CAST128 and Arcfour.

Authorization

Authorization, or more precisely the variety of it based on public-key cryptography, guarantees that we are connecting to exactly the host we need. This matters especially because the server's IP address can be "stolen" (IP spoofing), or routing and the DNS zone can be altered by an attacker in order to redirect requests for the server to the attacker's own host, which would make it possible, for example, to intercept passwords by simulating the login. Public-key cryptography, developed by Whitfield Diffie, uses asymmetric encryption, that is, a pair of keys with the following properties: anything encrypted with one of the keys can be decrypted with the other; and from one key of the pair, called the public key, it is impossible to obtain the other, the secret key.

SSH checks that the key matches the server's IP address and its domain name, and if they do not match, the user is shown a corresponding warning.

In addition, do not forget about the regular change of the traffic encryption key during a session. By default a new key is created once an hour. This considerably reduces the chance of effectively decrypting intercepted data.

Secure tunnel for the X11 protocol

SSH automatically sets the DISPLAY variable on the remote host and creates a tunnel for X11 connections. This lets the user transparently start graphical applications on the remote host and have them displayed on the local workstation. To enable this feature, the X11Forwarding parameter in sshd_config on the server must be set to "YES", and when connecting to the server the feature must be allowed in the SSH client, either on the command line (the -X option for OpenSSH) or in the configuration file (~/.ssh/config). The SSH server then opens a TCP socket whose port number is calculated as 6000 (the standard X11 port for DISPLAY=:0) + X11DisplayOffset (taken from sshd_config).

Forwarding of specified TCP/IP ports

Forwarding through the secure tunnel works on almost the same principle as creating an X11 tunnel. Two kinds of tunnel are supported: local and remote.

A local tunnel is set up with the command ssh -L port:host:hostport user@server. Traffic to the given port on the local (client) machine is then forwarded through the SSH tunnel to server, and from there a connection is made to port hostport on host host. A remote tunnel is set up in the same way, the only difference being that a port on the remote server is forwarded to the client side: connections made on server to its local port port are forwarded to the client, and from there to port hostport on host host. The command syntax is ssh -R port:host:hostport user@server. Example:

ssh -fN -L 3128:localhost:3128 myserver

Now localhost:3128 can be entered as the proxy server in the browser settings on the local machine. In reality the proxy running on the server myserver will be used. To the proxy server, the connections will appear to come from the address 127.0.0.1 (localhost). The -fN option is given so that SSH goes into the background immediately, since in this case we do not need to run any commands.

Optional compression of transmitted data

The same algorithm as in gzip is used. Compression is switched on with an SSH client option and applies to all data sent or received (including tunnels) within the session. This can considerably speed up data transfer over slow modem links or low-speed ADSL lines.

[Figure: The PuTTY client works with several protocols and ...]

0co6eHHOCTM aBTOpMSaUMM 

PaccMOTpMM noApo6Hee cMcieMy ayTeHTHc|DM- 
KauMM B SSH, ocHOBaHHyfo Ha KpnnTorpac|DMM 
c OTKpbiTbiM K/ifOHOM, nocKO/ibKy npaBM/ibHoe 
ee npMMeHeHMe oneMb yAo6Ho npM noBceA- 

HeBHOM aAMMHMCTpMpOBaHMM. 

TeLnet m rLogin npM yciaHOB/ieHHM coeAM- 
HeHM5i BcerAa 3anpaiuMBa;iM no/ibaoBaie- 
j]^\ M napo/ib. 3 to aaiAMiAa/io ot HeaBTopn30- 
BaHHoro BxoAa b CMCieMy, ho Ka>KAbm paa 
Tpe6oBa;io BBOAa napo;i5i aAMHHHCTpaiopoM, 
HTO 6bmo HeyAo6HO, m;im xpaneHM^i ero b 


CKpMniax, HTO OTHfOAb He noBbima/io aaiAM- 
meHHOCTb cepBepa. B ;ik)6om c/iynae, napo/ib 
nepeAaBa;iC5i no ceiM b OTKpbiTOM bma6, hto 
no3Bo;i5i;io ero /lerKO nepexeaiHTb. 

Rsh, HanpoTMB, ncno;ib30Ba;i aBTopn- 
aauMM TO/ibKO IP-aApec yAa/iennoro xocia, 
HTO 6bi;io oneHb yAo6Ho b cKpMnTax, ho ot- 
KpbiBa/io lUMpoKoe no/ie Ae^iTe/ibHocTM f\j\s\ 

BCeB03M0>KHblX B3/10MIAMK0B. 

SSH pea;iM3yeT m K/iaccMHecKyfo cxeMy aB- 
TopMaauMM, KOTAa cepBep aanpaiuMBaeT na- 
po/ib y K/iMeHTa, m noAo6Hyfo rsh aBTopn3a- 
UMfo, cpa6aTbiBafoiAyfo npM ycTanoB/ieHHM 
«;iMHH0CTM» cepBepa. PIpeACTaBHM OAHaKO, 
HTO yAa/ieHHbiM cepaep 6b\n Ba/iOMan, m xaKep 
CMor noAMOHMTb sshd na cbom, coxpan^ifoiAMM 
Bce BBOAeHHbie napo/iM b c|DaM;i. HecMOTp^i na 


TO, HTO Bce AaHHbie iuMc|DpyK)TC5i npM nepeAa- 
He no ceTM, na CTopone cepaepa ohm see paa- 
Ho paciuMc|DpoBbiBaK)TC5i, M Aa/ibiue napo/ib 
cpaBHMBaeTC5i c TOM, HTO xpaHMTC5i Ha cepae- 
pe. ripo6;ieMa ycyry6;i5ieTC5i tom, hto bamm- 
HMCTpaTopbi, KBK npaBM/io, Mcno/ibayfOT oamh 
M TOT >Ke napo/ib epaay na necKO/ibKMx cep- 
Bepax, nosTOMy xaKepy, no/iyHMBiueMy na- 
po/ib OT OAHoro cepaepa m npoana/iMBMpo- 
BaameMy ~/-ssh/known_hosts, CTaHOB5iTC5i 
AOCTynHbiMM M ApyrMe xocTbi, a naxoA^icb b 
/etc/sudoers m mmo^i AOCTyn cynepno/ibaoaa- 
Te;i5i Ha hobom cepBepe->KepTBe, oh MO>KeT 
nOAMOHMTb sshd M TBM, H0CT051HH0 paClUMp5151 
o6;iacTb caoero npoHMKHoaeHM5i. 

TpeTMM cnoco6 aaTopMsauMM b SSH no3- 
BO;i5ieT 3/ieraHTHO M 3Cf)C|DeKTMBHO peiUMTb 3Ty » 


MofleMHbiM TepMMHa;i 


l/l3 qoMa - B o(|)MCHyiii /lOKB/ibHyn ceib 


AOCTaTOHHO HaCTO aAMMHMCTpaTOpaiVI Heo6- 
XOAMMO AOSBOHMTbCH AO cepBepa no MOAOiviy 
M no-nyHMTb AOCTyn k -noKa-nbHOM ceTM m Mh- 
TepneTy, Mcno-nbsyn CBoe ocpMCHoe MHTepHeT- 
coeAMHeHMe. SToro Ha cepaepe Heo6xo- 

AMMO HaCTpOMTb MOAOIVIHblM AOCTyn. MTaK! 

► rioAK/iiOHaeM MOAOM, onpeAe/ineivi, Ha Ka- 
KOM nopTy OH BMA6H, M npoBepH6M ero pa- 
6oTOcnoco6HOCTb, HanpMiviep, c noMOiAbio 
MHTepaKTMBHoro pe>KMMa nporpaiviMbi ppp. 

► ycTanaB/iMBaeivi nngetty ms nopToa: 


echo "PPP for $CALLEDAS on $TTY" 
echo "Starting PPP for $IDENT" 
exec /usr/sbin/ppp -direct $IDENT 

3 tot ckpmht AO/i>KeH 6biTb McnonHneMbiivi. 
Tenepb cosAOMTe Ha stot ckpmht CMMBonM- 
necKyio ccbmKy c MivieneM ppp-dialup c no- 
MOiAbio cneAyfOLAeM KOiviaHAbi: 

# In -s ppp-shell /etc/ppp/ppp-dialup 


cd /usr/ports/comms/mgetty+sendfax && 
make install all 

Mo>kho McnonbsoBaTb ycTanoEKM no yivion- 
HaHMK), nocKonbKy ohm Bnonne pa6oTOcno- 
co6Hbi. yKasbieaeivi nngetty KaKOM CKpMnT 
(login progrann) McnonbsoBaTb a-hh exoao. 
CosAOMTe (|)aMn noA HaseaHMeM /etc/ppp/ 
ppp-shell, coAep>KaLAMM cneAyfomee: 

#!/bin/sh 

IDENT='echo $0 | sed -e 's/^.*-\(.*\)$/\l/" 
CALLEDAS="$IDENT" 

TTY='tty' 

if [ x$IDENT = xdialup ]; then 
IDENT='basename $TTY' 
fi 


McnonbsyMTe stot CKpMnT b KanecTBe 060- 
noHKM A-nn yAaneHHbix nonbsoBaTeneM. Hm- 
>Ke npMBeAOH npMiviep sanMCM b /etc/pass- 
word A-nn yAaneHHbix nonbsoBaTeneM PPP c 
MMOHeM nonbsoBaTenn pchilds . 

pchilds:*:1011:300:Peter Childs 

PPP:/home/ ppp:/etc/ ppp/ ppp-dialup 

CosAaMTe KaTanor /honne/ppp, AOCTynHbiM 
A/iH HTeHMH M coAep>KaLAMM cneAVfOLAMe 
c|)aMnbi HyneBOM A-nMHbi: 

-r-r-r- 1 root wheel 0 May 27 02:23 
•hushlogin 

-r— r— r— 1 root wheel 0 May 27 02:22 
.rhosts 


3 to npeAOTBpaTMT OTo6pa>KeHMe /etc/nnotd. 
HacTpoMKa m KOMnMnnuMH nngetty c napa- 
ivieTpoM AUTO_PPP nosBonneT nngetty on- 
peAonHTb LCP-ct)a3y PPP-coeAMHeHMM m 
aBTOMaTMHecKM nopo>KAaTb o6onoHKy ppp. 
Oaheko, nocKonbKy CTaHAapTHbiM metoa 
« norMH/naponb» He McnonbsyeTcn, Heo6- 
xoAMMa ayreHTMcjDMKauMH nonbsoBaTeneM 
nepes PAP m^m CHAP. 

B STOM pasAone npeAnonaraeTcn, hto 
nonbsoBaTenb ycnemno nacTpoMn, ckom- 
nMnMpoBan m ycTanoEMn BepcMio nngetty c 
napaivieTpoM AUTO_PPP (v0.99beta m^m 
6onee hosahioio). 

ybeAMTecb, HTO b c|)akme /usr/local/etc/ 
nngetty-bsendfax/login.config MivieeTCH cne- 
AyfOLAan CTpona: 

/AutoPPP/ — /etc/ppp/ppp-pap-dialup 

3 to yKa>KeT nngetty sanycKaTb CKpMnT 
ppp-pap-dialup a-hh o6Hapy>KeHHbix co- 
eAMHeHMM PPP-TMna. 

CosAaMTe (i>am /etc/ppp/ppp-pap-dialup, 
C0Aep>KaLAMM cneAyfOLAee (stot c|)aMn ao/i- 
>KeH 6biTb BbinonHHeivibiM): 

#!/bin/sh 

exec /usr/sbin/ppp -direct pap$IDENT 
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» M HecKO/ibKO conyTCTByfomMx npo6;ieM na- 
po/ibHOM ayieHTMclDMKauMM. B ocHOByiaK Ha- 
sbiBaeMOM Public Key Authentication — aBio- 
pMsauMM no OTKpbiTOMy K/ifOHy — no;io>KeH 
npMHUMn lUMC|DpOBaHM51 C OTKpbITbIM K/lfOHOM, 

Mcno/ibsyeMbiM m b SSU h b PGP. OneBi/iAHO, 
HTO «Kpa>Ka» OTKpbiToro K/ifona — eAMHci- 
BeHHoro KycKa ayTeHTHc|DMKauMOHHbix abh- 
Hbix, nepeABBaeMoro ua cepaep, — He abct 
xaKepy abco/ifoiHo HMHero. PaccMoipMM abh- 
Hyfo lexHMKy paboibi noApobnee. 

liM(bpoBaHMe 
C OTKpbITbIM K/1HH0M 

► CosAaeM napy «OTKpbiTbm/3aKpbiTbm k/ik)h» 
c noMOiAbfo yiM/iHTbi ssh-keygen: 


user@myhost:~$ ssh-keygen -b 2048 -f 
mykey -t dsa 

Generating public/private dsa key pair 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 

Your identification has been saved in mykey. 
Your public key has been saved in 
mykey. pub. 

The key fingerprint is: 
4d:f8:b7:40:de:af:68:82:d5:bf:81:98:12:lb: 
4b:79 user@myhost 
user@myhost:~$ 

napaMeip -b yKasbiBaei pasMep K/ifona b 
6nTax, ciaHAapTHbie peKOMOHAyeMbie SHane- 
HM51 — 512, 1024, 2048; 


-t — run luifOHa. BTopoM BepcMM npoio- 
Ko/ia M0>KH0 Bbi6npaTb rsa dsa, ycia- 
peBiueii nepBOM Mcno/ibsyera SHaneHMe rsal; 

-f <filename> — cfiaM/ia, KyAa 6yAei 
sanMcaH saKpbiibm k;ik)h. OiKpbiTbm 6yAei 
coxpaHOH B cooTBOTCTByioiAMM c|DaM;i c pac- 
lUMpeHMeM .pub; 

K;ik)h -f MO>KHO M He yKasbiBaib; b stom 
c/iynae 6yAei cosAan k;ik)h, Mcno/ibsyeMbm 
ssh no yMO/iHaHMfo. 

► KaKMM-nn6o cnocoboM (nanpMMep, nepes 
TOT >Ke SSH, Mcno;ib3y5i napo/ibnyio ayTeHTM- 
clDHKauMfo) Ao6aBn5ieM oTKpbiTbm k;ik)h b 
c|3aM;i $HOME/.ssh/authorized_keys, rp,e 
$H0ME — AOMaiuHMM KaTa/ior no/ib30BaTe;i5i, 
noA MMeneM KOToporo Mbi xotmm aaxoAMTb na 
cepaep. Onenb yAobno Bbino;iH5iTb 3Ty npoue- » 


A/iH Ka>KAOM nMHMM, BKnioHeHHOM B /etc/ 
ttys, cosAaMTe cooTBeTCTByiOLAyio sanMCb b 
/etc/ppp/ppp.conf. OHa 6yf\ej OTnnHHO co- 
HeTaTbCH c T6M, HTO 6bmo cosAaHO Bbime. 

pap: 

enable pap 

set ifaddr 203.14.100.1 203.14.100.20- 
203.14.100.40 
enable proxy 

A/iH Ka>KAoro nonbsoBaTenn, BxoAHu^ero b 
ceTb no 3T0My ivieTOAy, b c|)aPme /etc/ppp/ 
ppp. secret AO/i>KHa npMcyrcTBOBaTb sa- 
HMCb c norMHOM/naponeM. flpaBAa, ecTb 
M anbTepHaTMBHbiM BapMaHT: a-hh ayreHTM- 
c|)MKai4MM nonbsoBaTeneM no PAP nepes 
/etc/password hboOxoammo Mcnonbso- 
BaTb cneAyiou^MM napaivieTp: 

enable passwdauth 

EcnM Bbl XOTMTe npMCBOMTb HeKOTOpblM 
nonbsoBaTennivi CTaTi/inecKHM IP, saAaPiTe 
ero B KanecTBe TpeTbero apryivieHTa b 
/etc/ppp/ppp. secret. 

► HacTpaMBaeivi ppp.conf. BnMCbiBaeivi Ty- 
Aa "enable proxy" m npoBepneivi, hto /etc/ 
rc.conf coAep>KMT HeoOxoAMiviyio CTpoKy 
gateway_enable="YES" 


BaM noTpebyeTCH AobaBMTb pasAen a-hh 
K a>KAoro M 3 nonbsoBaTeneM co CTaTMuec- 
KMMM IP-aApecaiviM. 

Userl: 

set ifaddr 203.14.100.1 203.14.101.1 

255.255.255.255 
User2: 

set ifaddr 203.14.100.1 203.14.102.1 

255.255.255.255 
User3: 

set ifaddr 203.14.100.1 203.14.103.1 

255.255.255.255 

EcnM HeobxoAMMO, cj^aPm /etc/ppp/ppp. 
linkup AO/i>KeH TaK>Ke coAep>KaTb MHc|)op- 
MauMK) 0 MapujpyTMsauMM a-hh Ka>KAoro 
nonbsoBaTenn co CTaTMnecKMM IP-aApeca 
MM. HM>Ke npMBeAeH TaKOM npMMep. 

Userl: 

add 203.14.101.0 netmask 255.255.255.0 
HISADDR 
User2: 

add 203.14.102.0 netmask 255.255.255.0 
HISADDR 
User3: 

add 203.14.103.0 netmask 255.255.255.0 
HISADDR 


► HacTpaMBaeM /etc/ppp/ppp. secret. 

3tot c[)aMn npMMeHneTcn a-hh ayreHTM^M- 
KauMM nonbsoBaTenn bo bpbmh mbmumb- 
nMsauMM ppp-coeAMHeHMH. HTobbi 
saAeMCTBOBaTb nonbsoBaTenbCKMM na- 
ponb M3 /etc/passwd, nocTaBbTe "*" b 
none AUTHKEY. A-nn ero Mcnonb30BaHMH b 
ceKUMM cepBepa b ppp.conf Aon>KHa bbiTb 
BKniOHeHa onuMH passwdauth. 3Ta ct)yHK- 
UMH, xoTb M yAobHa, HO paboTaeT TonbKO c 
PAP-aBTopM3ai4MeM. 

► ripoBepneM /etc/ttys. Bo BpeMH ycTa- 

HOBKM mgetty y>Ke Aon>KHa bbina AobaBMTb 
CBOM sanMCM B KOHeu nosTOMy ao- 

CTaTOHHO npocTO ybeAMTbCH, hto c|)aMn ycT- 
poMCTBa yKasaH KoppeKTHO. Flo yMonna- 
HMK) CTpoHKa BbimHAMT KBK "cuaaO 
"/usr/local/sbin/mgetty" dialup on" 

► HpeAnaraeM init nepenMTaTb /etc/ttys 
cneAyiOLAeM KOMaHAOM: kill -HUP 1. 

Cepaep totob npMHMMaTb BxoAHiAMe 3 boh- 
KM. rionbsoBaTenb npM bxoa 6 byA6T nony- 
HaTb aApec m 3 BHyrpeHHeM cotm m Mcnonb- 
30BaTb AOCTynHbie pecypcbi. 

Ann nonyneHMH AononHMTenbHOM MHc|)opMa- 
UMM Bbl BcerAa CMO>KeTe McnonbsoBaTb 

FreeBSD Handbook — nonHyio AOKyMeHTa- 
UMio no 3T0M CMCTeMe. AApec pyccKOM Bep- 
CMM handbook — http://www.freebsd.org/ 
doc/ru/books/handbook/. 
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# 3 KCn/iyATALlMyi/_ yAa/ieHHoe aAMkiHMCTpi/ipoBaHMe 


» Aypy c noMOiAbfo ExoA^iiueM b cocTae OpenSSH 
nporpaMMbi ssh-copy-id: 

user@myhost:~$ ssh-copy-id -i mykey.pub user@server
Password:
/usr/bin/X11/xauth: creating new authority file /home/user/.Xauthority
Now try logging into the machine, with "ssh 'user@server'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

user@myhost:~$

If your SSH client does not include ssh-copy-id, the key can be transferred with the following command: cat mykey.pub | ssh user@server 'cat >> ~/.ssh/authorized_keys'.

► Optionally, load the private key of the pair into ssh-agent with ssh-add:

user@myhost:~$ ssh-add mykey
Enter passphrase for mykey:
Bad passphrase, try again for mykey:
Identity added: mykey (mykey)

Setting a passphrase to encrypt the private key prevents the key from being used if it is stolen from the medium where it is stored. You will agree that remembering a single passphrase and safeguarding a single key is much easier than doing so for the passwords and keys of the dozens of servers you administer. The passphrase is chosen when the key is created with the ssh-keygen command; the same command can be used to re-encrypt the key under a different passphrase.

Of course, using SSH-agent is not mandatory, but without it SSH will ask for the key's passphrase every time you log in to a server. It is also possible to create a private key that is not encrypted with any passphrase, which makes it possible to use SSH in scripts that run commands on remote machines. A natural question arises here: "What if this key is stolen? Then the intruder will get access to the server from any computer!" SSH provides several measures to prevent this.

The first of them is restricting the use of a key to specific addresses. To do this, after adding the public key to authorized_keys on the server, open the file in an editor and add the from="hostname_mask" parameter. The hostname_mask can be the client's domain name or its IP address. Wildcards are also supported: you can write from="*.mycompany.ru", and the key will then be valid for all hosts in the mycompany.ru zone. Several values can be listed in the from parameter at once, separated by commas.

user@server$ cat $HOME/.ssh/authorized_keys
from="*.mycompany.ru" ssh-rsa AAAAB3GzaN4... public-key1

The second measure is restricting the commands that can be executed with a given key. They are specified in the same way as from, using the command="/path/to/program args" parameter:

user@server$ cat $HOME/.ssh/authorized_keys
command="dump /home" ssh-rsa AAAAB3GzaN4... public-key1


There are also restrictions on creating tunnels and on allocating a virtual terminal device, as well as forced setting of certain environment variables. The parameters for these can be found in man sshd.
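The from= and command= restrictions described above, as an added example that is not part of the original article: a Python sketch that parses the option prefix of each authorized_keys line (quoted values may contain spaces and commas) and reports which keys carry no host or command limit. The sample file, key comments and function names are constructed for illustration, and from_allows only approximates sshd's wildcard matching.

```python
import fnmatch
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
# Options prefix: non-space characters or quoted strings (spaces allowed inside).
PREFIX = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)')
# One option: a name, optionally ="value"; the value may contain commas.
OPTION = re.compile(r'([\w-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_entry(line):
    """Return (options dict, key text) for one authorized_keys line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options prefix at all
        return {}, line
    m = PREFIX.fullmatch(line)
    if not m:
        raise ValueError(f"malformed entry: {line!r}")
    options = {name.lower(): value for name, value in OPTION.findall(m.group(1))}
    return options, m.group(2)

def from_allows(pattern_list, host):
    """Approximate from= matching: comma-separated patterns with * and ?."""
    return any(fnmatch.fnmatchcase(host.lower(), p.strip().lower())
               for p in pattern_list.split(","))

def audit(text):
    """Return (comment, from, command) per key; None marks a missing limit."""
    rows = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            options, key_text = parse_entry(line)
            rows.append((key_text.split()[-1],
                         options.get("from"), options.get("command")))
    return rows

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''from="*.mycompany.ru,192.0.2.10" ssh-rsa AAAAPLACEHOLDER1 admin-key
command="dump /home",from="backup.mycompany.ru" ssh-rsa AAAAPLACEHOLDER2 backup-key
ssh-rsa AAAAPLACEHOLDER3 script-key
'''

if __name__ == "__main__":
    for comment, src, cmd in audit(SAMPLE):
        print(f"{comment}: from={src or 'ANY HOST'} command={cmd or 'ANY COMMAND'}")
```

A key reported with neither limit, such as the passphrase-less script key in the sample, is the case the article's question about a stolen key applies to.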

As we have already said, to avoid entering the passphrase on every login to a server you can use ssh-agent. This is a special program that keeps private keys in its memory in decrypted form and makes them available to applications on request through a Unix socket. On startup, SSH-agent sets several environment variables that let programs find its socket, so it is usually started during initialization of the X session, and all of the user's processes from then on are its descendants and inherit the environment variables.

Private keys are added with the ssh-add command, which takes the path to the private key file as its parameter.

user@myhost:~$ ssh-add mykey
Enter passphrase for mykey:
Identity added: mykey (mykey)
user@myhost:~$

If ssh-add is run interactively (for example, in an xterm or on the console), the prompt for the key's passphrase appears in the same terminal. When, on the other hand, for example, »


The Webmin package

Administration through a browser

It is possible to administer a server using any web browser. The excellent Webmin package (http://www.webmin.com/), after a little configuration, lets you manage a server remotely: create users, receive and transfer files, configure several dozen popular applications such as the DNS server BIND, the Apache web server, Squid and Samba, burn CDs, and set up DHCP, mail services, a print server, SSH, a firewall and so on.

Webmin is implemented as a simple web server and a set of CGI applications written in Perl. This makes it possible to add the functionality you need yourself when necessary. Its interface and modules are almost completely translated into Russian. Webmin is distributed under a BSD-like license, which allows it to be freely used, modified and redistributed for both non-commercial and commercial purposes.
» ~/.xsession is being processed, ssh-add obtains the passphrase by launching the program named in the SSH_ASKPASS environment variable. By default this is ssh-askpass, a small program for the X Window System that is part of the OpenSSH package.

► Log in to the server exactly as before, except that we are no longer asked for a password.



Webmin: a program for administration through a browser

SSH on the Windows platform

Until now we have discussed only OpenSSH, but under Windows it is not always convenient to use, because it requires a Cygwin environment. For that reason another free SSH1/2 client, PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/), has become very popular. It gives the administrator a simple and clear graphical interface and the full set of utilities we discussed above, including a program for creating and importing/exporting keys and an analogue of SSH-agent. The accompanying documentation describes in detail how to use them under Windows, so after reading this article you will be able to find your way around it without much difficulty. In combination with an X server for Windows (Exceed from Hummingbird, XFree86 from Cygwin) you can, while sitting at a Windows workstation, even run graphical configuration programs on the server, and, if the X server supports OpenGL, 3D programs as well.

If you still have questions...

We have looked at some of the capabilities of OpenSSH. This undeniably important and powerful package is maintained by the OpenBSD project and is based on SSH v1.2.12 with all the latest fixes and updates; it is compatible with SSH protocol versions 1 and 2. OpenSSH has been included in the base system since FreeBSD 4.0.

For more information on working with OpenSSH you can always turn to the Russian version of the FreeBSD Handbook at http://www.freebsd.org/doc/ru/books/handbook/openssh.html, or to the developers' pages at http://www.openssh.com. There you will also find the latest versions of this useful program and fresh news, which will let you keep the security of your server at the proper level at all times. ■ ■ ■ Konstantin Starodubtsev



CHIP SPECIAL № 8/2004





